[Django] #30015: HTTP server doesn't clear previous request data in keep-alive connection.
Django
-------------------------------------+-------------------------------------
Reporter: kalekseev | Owner: nobody
Type: | Status: new
Uncategorized |
Component: Core | Version: 2.1
(Other) |
Severity: Normal | Keywords: keep-alive, server
Triage Stage: | Has patch: 1
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Django 2.1.4 affected.
Commit that enabled keep-alive connections
https://github.com/django/django/commit/934acf1126995f6e6ccba5947ec8f7561633c27f
Bug: if you make two requests in one keep-alive connection and first
request posted data that wasn't read in the view
then on second request that data will be read alongside with first line of
the new request.
As a result request.method will contain "..data from previous
request...POST"
Pull request with test and possible fix
https://github.com/django/django/pull/10732
--
Ticket URL: <https://code.djangoproject.com/ticket/30015>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: kalekseev | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution:
Keywords: keep-alive, server | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Simon Charette):
* cc: Florian Apolloner (added)
* type: Uncategorized => Bug
* component: Core (Other) => HTTP handling
* severity: Normal => Release blocker
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:1>
Django
-------------------------------------+------------------------------------
Type: Bug | Status: new
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+------------------------------------
Comment (by Xavier Fernandez):
Hello,
our Selenium tests were also affected by the same change (bisecting lead
to
https://github.com/django/django/commit/e1721ece485b35ab5543f134203a8a8ce9f31a7c
which is
https://github.com/django/django/commit/934acf1126995f6e6ccba5947ec8f7561633c27f).
Basically, the webdriver `get(url)` gets stuck for several hundred of
seconds leading to test timeout, I'm trying to build a minimal selenium
test showing this regression.
In the meanwhile, the provided patch makes our tests pass again but seems
to crash a bunch of threads with:
{{{
File
"/home/xfernandez/other_dev/django/django/core/servers/basehttp.py", line
101, in close
obj._stream._read_limited()
AttributeError: '_io.BytesIO' object has no attribute '_read_limited'
}}}
or
{{{
File
"/home/xfernandez/other_dev/django/django/core/servers/basehttp.py", line
99, in close
for obj in self.result._closable_objects:
AttributeError: 'FileWrapper' object has no attribute '_closable_objects'
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:2>
Django
Reporter: Konstantin Alekseev | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Xavier Fernandez):
Nevermind my previous comment, my issue was in fact different (and might
actually be invalid), cf #30018
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:3>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:4>
Django
-------------------------------------+-------------------------------------
Component: HTTP handling | Version: 2.1
Keywords: keep-alive, server | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"b514dc14f4e1c364341f5931b354e83ef15ee12d" b514dc14]:
{{{
#!CommitTicketReference repository=""
revision="b514dc14f4e1c364341f5931b354e83ef15ee12d"
Fixed #30015 -- Ensured request body is properly consumed for keep-alive
connections.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:5>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: closed
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution: fixed
Keywords: keep-alive, server | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"bbe28fa07658f00786dc1d91ee281b4daac22d07" bbe28fa0]:
{{{
#!CommitTicketReference repository=""
revision="bbe28fa07658f00786dc1d91ee281b4daac22d07"
Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:6>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: closed
Component: HTTP handling | Version: 2.1
Severity: Release blocker | Resolution: fixed
Keywords: keep-alive, server | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Tim Graham <timograham@…>):
In [changeset:"08f78a4fc8e7882f9fcad19aa6d497f749a9d261" 08f78a4f]:
{{{
#!CommitTicketReference repository=""
revision="08f78a4fc8e7882f9fcad19aa6d497f749a9d261"
[2.1.x] Fixed #30015 -- Ensured request body is properly consumed for
keep-alive connections.
Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/30015#comment:7>