Re: [Django] #36833: HttpRequest.accepted_types incorrectly splits Accept header on commas inside quoted parameter values

[Django]

#36833: HttpRequest.accepted_types incorrectly splits Accept header on commas
inside quoted parameter values
-------------------------------------+-------------------------------------
     Reporter:  Naveed Qadir         |                    Owner:  Naveed
                                     |  Qadir
         Type:  Bug                  |                   Status:  closed
    Component:  HTTP handling        |                  Version:  dev
     Severity:  Normal               |               Resolution:  needsinfo
     Keywords:  HTTP_ACCEPT, accept  |             Triage Stage:
                                     |  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Naveed Qadir):

 Thanks for the feedback and for pointing me to #35440 — I agree that
 reusing a stdlib-based approach would be preferable if we can do so
 without performance regressions.
 Regarding real-world usage: I’m not aware of common browsers or clients
 emitting Accept headers with quoted parameters containing commas or
 escaped quotes. The change was motivated by spec-permitted behavior and to
 avoid incorrect parsing when such headers do appear, but I agree this is
 rare in practice.
 Given the complexity concerns and the direction of #35440, I’m happy to
 defer this and continue the discussion there.
 Replying to [comment:1 Jacob Walls]:
 > Do you have an example of real-world HTTP traffic that sends params like
 that for the accept header?
 >
 > Looking at the [https://github.com/django/django/pull/20472 provided
 patch], this is too much complexity for the benefit. I'd also expect to
 block this on a resolution for #35440, with the hope that we can leverage
 some existing pattern for param parsing using python's stdlib.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36833#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/0107019b6bb5f727-f326ffb5-1b60-4d45-86b1-3c52d6a2e8c0-000000%40eu-central-1.amazonses.com.