#21282: The serialize_headers method of HttpResponse fails to handle latin1-compatible values -------------------------------+---------------------------------- Reporter: xelnor | Owner: nobody Type: Bug | Status: new Component: HTTP handling | Version: 1.4 Severity: Normal | Keywords: http header encoding Triage Stage: Unreviewed | Has patch: 1 Easy pickings: 0 | UI/UX: 0 -------------------------------+---------------------------------- If a header value (passed as unicode) contains only ascii data, `serialize_headers()` doesn't fail If it contains characters that can't be encoded in latin1, `serialize_headers()` doesn't fail If it contains only characters valid in latin1, including some outside the ascii range, `serialize_headers()` fails with a `UnicodeDecodeError`.
The culprit seems to lie on line 132 of `django/http/response.py`: that line calls `('%s: %s' % (key, value)).encode('us-ascii')`, but at this point, key is ascii bytes and value is a bytes array containing either latin1-encoded text or mime-encoded utf8 text. Since we're using `unicode_literals`, Python tries `value.decode('ascii')`, which fails if, and only if, value contains latin1 characters outside the ascii range. I have attached a patch containing both a test exhibiting the issue and a patch fixing it (no test failure). Note: This is not a release blocker, since the `serialize_headers()` and its callers (`serialize()` and `__str__()`) aren't used while answering requests. -- Ticket URL: <https://code.djangoproject.com/ticket/21282> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/049.699d868ba0b74fad68a42da743fc2e78%40djangoproject.com. For more options, visit https://groups.google.com/groups/opt_out.