1. cherrypy
  2. CherryPy

Commits

Robert Brewer  committed 0c3a79e

Fix for #527 (fragments in Request-URI). The builtin WSGI server now returns "400 Bad Request".

  • Participants
  • Parent commits 9132c81
  • Branches default

Comments (0)

Files changed (1)

File cherrypy/_cpwsgiserver.py

View file
         
         # path may be an abs_path (including "http://host.domain.tld");
         scheme, location, path, params, qs, frag = urlparse(path)
+        
+        if frag:
+            self.simple_response("400 Bad Request",
+                                 "Illegal #fragment in Request-URI.")
+            return
+        
         if scheme:
             self.environ["wsgi.url_scheme"] = scheme
         if params: