Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trust_x_headers is not actually applied #195

Open
jhnstrk opened this issue Dec 8, 2024 · 1 comment
Open

trust_x_headers is not actually applied #195

jhnstrk opened this issue Dec 8, 2024 · 1 comment

Comments

@jhnstrk
Copy link
Contributor

jhnstrk commented Dec 8, 2024

The argument trust_x_headers to create_form_parser is currently not applied.

It should be either applied as documented or removed. Currently the argument is never used outside the function definition, and the code behaves as if it is always True, since X-File-Name is always read.
@defnull
Copy link
Contributor

defnull commented Dec 8, 2024
edited
Loading

Hmm the X-File-Name header is always used as you say, the trust_x_headers parameter has no effect. That's a bug.

But what surprises me even more is the fact that it's only used in case of an application/octet-stream requests. Why is there an OctetStreamParser in a form parser library to begin with? This special case seems odd, octet streams are just raw data and do not need any parsing. I wonder what the idea was, 11 years ago. I guess some non-standard file upload convention?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@defnull @jhnstrk