aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/Lib/http/server.py
Commit message (Collapse)AuthorAge
* gh-133810: remove `http.server.CGIHTTPRequestHandler` and `--cgi` flag (#133811)Bénédikt Tran20 hours
| | | The CGI HTTP request handler has been deprecated since Python 3.13.
* gh-134098: Fix handling %-encoded trailing slash in SimpleHTTPRequestHandler ↵Serhiy Storchaka21 hours
| | | | (GH-134099)
* gh-130645: Add color to stdlib argparse CLIs (gh-133380)Hugo van Kemenade12 days
|
* Docs: Replace dead hyperlink for CGI environment variables (#132137)Srinivas Reddy Thatiparthy (తాటిపర్తి శ్రీనివాస్ రెడ్డి)2025-04-06
|
* gh-85162: Add `HTTPSServer` to `http.server` to serve files over HTTPS ↵Semyon Moroz2025-04-05
| | | | | | | (#129607) The `http.server` module now supports serving over HTTPS using the `http.server.HTTPSServer` class. This functionality is also exposed by the command-line interface (`python -m http.server`) through the `--tls-cert`, `--tls-key` and `--tls-password-file` options.
* Remove incorrect imports rationale comment in `http.server` (#128278)Moshe Kaplan2024-12-26
| | | Remove reference to gethostbyaddr(), because it's not actually used within this code.
* gh-123430: Add dark mode support to pages generated by http.server (#123475)Yorik Hansen2024-09-03
| | | | | | Co-authored-by: Peter Bierma <zintensitydev@gmail.com> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Victor Stinner <vstinner@python.org>
* gh-120485: Add an override of `allow_reuse_port` on classes subclassing ↵Idan Kapustian2024-06-16
| | | | | `socketserver.TCPServer` (GH-120488) Co-authored-by: Vinay Sajip <vinay_sajip@yahoo.co.uk>
* gh-66543: Add mimetypes.guess_file_type() (GH-117258)Serhiy Storchaka2024-05-06
|
* gh-109096: Deprecate `http.server.CGIHTTPRequestHandler` (#109387)Gregory P. Smith2023-09-15
| | | | | Deprecate `http.server.CGIHTTPRequestHandler`. Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* gh-103204: `http.server` - Enforce that HTTP version numbers must consist ↵Ben Kallus2023-05-12
| | | | | | | | | | only of digits (#103205) Reject HTTP requests with invalid http/x.y version numbers: x or y being non-digits or too-long. --------- Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net> Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler ↵Ethan Furman2023-05-03
| | | | | | | | | | (#104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* gh-91219: http - use subclassing to override index_pages attribute (GH-100731)Ethan Furman2023-01-03
| | | Remove previously added parameter to `__init__`, and recommend subclassing to modify the `index_pages` attribute instead.
* gh-100474: Fix handling of dirs named index.html in http.server (GH-100475)James Frost2022-12-24
| | | | | | | If you had a directory called index.html or index.htm within a directory, it would cause http.server to return a 404 Not Found error instead of the directory listing. This came about due to not checking that the index was a regular file. I have also added a test case for this situation. Automerge-Triggered-By: GH:merwok
* gh-100001: Also escape \s in http.server log messages. (#100038)Gregory P. Smith2022-12-05
| | | | | | | Also \ escape \s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a \xHH is ambiguious as to if it is a hex replacement we put in or the characters r"\x" came through in the original request line.
* gh-100001: Omit control characters in http.server stderr logs. (#100002)Gregory P. Smith2022-12-05
| | | Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to.
* gh-91219: Add an index_pages default list and parameter to ↵Myron Walker2022-06-23
| | | | | | | | SimpleHTTPRequestHandler (GH-31985) * Add an index_pages default list to SimpleHTTPRequestHandler and an optional constructor parameter that allows the default indexes pages list to be overridden. This makes it easy to set a new index page name without having to override send_head.
* gh-87389: Fix an open redirection vulnerability in http.server. (#93879)Gregory P. Smith2022-06-21
| | | | | | | | Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google].
* bpo-46285: Add command-line option -p/--protocol to module http.server (#30999)Géry Ogam2022-05-02
| | | | Co-authored-by: Éric <merwok@netwok.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* closes bpo-46736: SimpleHTTPRequestHandler now uses HTML5. (GH-31533)Dong-hee Na2022-02-23
| | | Co-authored-by: Oleg Iarygin <dralife@yandex.ru>
* bpo-46436: Fix command-line option -d/--directory in module http.server ↵Géry Ogam2022-02-03
| | | | | | | | (GH-30701) Fix command-line option -d/--directory in http.server main function that was ignored when combined with --cgi. Automerge-Triggered-By: GH:merwok
* Fix typos in multiple files (GH-26689)Binbin2021-06-12
| | | Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-43972: Set content-length to 0 for http.server.SimpleHTTPRequestHandler ↵Stephen Rosen2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | 301s (GH-25705) * Set content-length for simple http server 301s When http.server.SimpleHTTPRequestHandler sends a 301 (Moved Permanently) due to a missing file, it does not set a Content-Length of 0. Unfortunately, certain clients can be left waiting for the connection to be closed in this circumstance, even though no body will be sent. At time of writing, both curl and Firefox demonstrate this behavior. * Test Content-Length on simple http server redirect When serving a redirect, the SimpleHTTPRequestHandler will now send `Content-Length: 0`. Several tests for http.server already cover various behaviors and checks including redirection. This change only adds one check for the expected Content-Length on the simplest case for a redirect. * Add news entry for SimpleHTTPRequestHandler fix * Clarify the specific kind of 301 Co-authored-by: Senthil Kumaran <skumaran@gatech.edu>
* GH-5054: CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly parsed (#23638)Senthil Kumaran2020-12-05
|
* Remove the conditional for setting query. (#23604)Senthil Kumaran2020-12-02
|
* bpo-42413: socket.timeout is now an alias of TimeoutError (GH-23413)Christian Heimes2020-11-20
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40094: CGIHTTPRequestHandler logs exit code (GH-19285)Victor Stinner2020-04-02
| | | | | | | CGIHTTPRequestHandler of http.server now logs the CGI script exit code, rather than the CGI script exit status of os.waitpid(). For example, if the script is killed by signal 11, it now logs: "CGI script exit code -11."
* bpo-35292: Avoid calling mimetypes.init when http.server is imported (GH-17822)An Long2020-01-08
|
* bpo-38907: Suppress any exception when attempting to set V6ONLY. (GH-17864)Jason R. Coombs2020-01-06
| | | Fixes error attempting to bind to IPv4 address.
* bpo-38907: In http.server script, restore binding to IPv4 on Windows. (GH-17851)Jason R. Coombs2020-01-05
|
* bpo-38863: Improve is_cgi() in http.server (GH-17312)Siwon Kang2019-11-22
| | | | | | | | | | | | | | | | | | | is_cgi() function of http.server library does not currently handle a cgi script if one of the cgi_directories is located at the sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler class separates given path into (dir, rest) based on the first seen '/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub' exists in cgi_directories = [..., '/sub/dir/cgi-bin']. This patch makes the is_cgi() keep expanding dir part to the next '/' then checking if that expanded path exists in the cgi_directories. Signed-off-by: Siwon Kang <kkangshawn@gmail.com> https://bugs.python.org/issue38863
* bpo-35640: Allow passing PathLike arguments to SimpleHTTPRequestHandler ↵Géry Ogam2019-09-11
| | | | (GH-11398)
* bpo-24209: In http.server script, rely on getaddrinfo to bind to preferred ↵Jason R. Coombs2019-02-07
| | | | | | | address based on the bind parameter. (#11767) In http.server script, rely on getaddrinfo to bind to preferred address based on the bind parameter. As a result, now IPv6 is used as the default (including IPv4 on dual-stack systems). Enhanced tests.
* bpo-34711: Return HTTPStatus.NOT_FOUND if path.endswith('/') and not a ↵Michael Felt2018-12-26
| | | | | | | | | | directory (GH-9687) AIX allows a trailing slash on local file system paths, which isn't what we want in http.server. Accordingly, check explicitly for this case in the server code, rather than relying on the OS raising an exception. Patch by Michael Felt.
* Adds IPv6 support when invoking http.server directly. (GH-10595)Lisa Roach2018-11-26
|
* bpo-33663: Convert content length to string before putting to header (GH-7754)ValeriyaSinevich2018-06-18
|
* bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195)Géry Ogam2018-05-29
|
* bpo-31639: Use threads in http.server module. (GH-5018)Julien Palard2018-03-23
|
* bpo-31462: Remove trailing whitespaces. (#3564)Serhiy Storchaka2017-09-14
|
* bpo-28707: Add the directory parameter to ↵Stéphane Wirtel2017-05-24
| | | | | | | | http.server.SimpleHTTPRequestHandler and http.server module (#1776) * bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object * bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
* bpo-30166: Import command-line parsing modules only when needed. (#1293)Serhiy Storchaka2017-05-04
|
* bpo-29654 : Support If-Modified-Since HTTP header (browser cache) (#298)Pierre Quentel2017-04-02
| | | | Return 304 response if file was not modified.
* Issue #28548: Parse HTTP request version even if too many words receivedMartin Panter2016-11-19
|
* Issue #25738: Merge HTTP server from 3.5Martin Panter2016-06-08
|\
| * Issue #25738: Don’t send message body for 205 Reset ContentMartin Panter2016-06-08
| | | | | | | | Patch by Susumu Koshiba.
* | Issue #24902: Print server URL on http.server startupBerker Peksag2016-04-29
| | | | | | | | Initial patch by Felix Kaiser.
* | Issue #26657: Merge http.server fix from 3.5Martin Panter2016-04-18
|\|
| * Issue #26657: Fix Windows directory traversal vulnerability with http.serverMartin Panter2016-04-18
| | | | | | | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47.
* | Issue #26404: Add context manager to socketserver, by Aviv PalivodaMartin Panter2016-04-13
| |
* | Issue #26585: Eliminate _quote_html() and use html.escape(quote=False)Martin Panter2016-04-11
| | | | | | | | Patch by Xiang Zhang.
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-18 04:16:31 +0000