Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

Example code to trigger Content-Type response header corruption in versions of mod_wsgi up to and including version 3.3.

View gist:14b31ebe18166a89b090
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
import functools
 
import threading
import time
import random
 
def run(*args):
while True:
items = []
for i in range(1000):
items.append((int(random.random()*20)*'X'))
time.sleep(0.00001)
 
thread = threading.Thread(target=run)
thread.start()
 
def headers():
return [('Content-Type', 'text/plain'.upper().lower())]
 
def response():
yield 'Hello World!\n'
 
_content_type_cache = {}
 
def intern_content_type(application):
@functools.wraps(application)
def _wrapper(environ, start_response):
def _start_response(status, headers, *args):
_headers = []
for header, value in headers:
if header.lower() == 'content-type':
value = _content_type_cache.setdefault(value, value)
_headers.append((header, value))
return start_response(status, _headers, *args)
return application(environ, _start_response)
return _wrapper
 
#@intern_content_type
def application(environ, start_response):
status = '200 OK'
 
start_response(status, headers())
return response()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.