fix default handling of HTTP/0.9 requests

picnixz · picnixz · commit 048ee831c4af · 2025-10-02T18:15:31.000+02:00
diff --git a/Lib/http/server.py b/Lib/http/server.py
@@ -302,6 +302,7 @@ def parse_request(self):
         error response has already been sent back.
 
         """
+        is_http_0_9 = False
         self.command = None  # set in case of error on the first line
         self.request_version = version = self.default_request_version
         self.close_connection = True
@@ -359,6 +360,7 @@ def parse_request(self):
                     HTTPStatus.BAD_REQUEST,
                     "Bad HTTP/0.9 request type (%r)" % command)
                 return False
+            is_http_0_9 = True
         self.command, self.path = command, path
 
         # gh-87389: The purpose of replacing '//' with '/' is to protect
@@ -369,22 +371,26 @@ def parse_request(self):
             self.path = '/' + self.path.lstrip('/')  # Reduce to a single /
 
         # Examine the headers and look for a Connection directive.
-        try:
-            self.headers = http.client.parse_headers(self.rfile,
-                                                     _class=self.MessageClass)
-        except http.client.LineTooLong as err:
-            self.send_error(
-                HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
-                "Line too long",
-                str(err))
-            return False
-        except http.client.HTTPException as err:
-            self.send_error(
-                HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
-                "Too many headers",
-                str(err)
-            )
-            return False
+        # For HTTP/0.9, headers are not expected at all.
+        if is_http_0_9:
+            self.headers = {}
+        else:
+            try:
+                self.headers = http.client.parse_headers(self.rfile,
+                                                         _class=self.MessageClass)
+            except http.client.LineTooLong as err:
+                self.send_error(
+                    HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
+                    "Line too long",
+                    str(err))
+                return False
+            except http.client.HTTPException as err:
+                self.send_error(
+                    HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
+                    "Too many headers",
+                    str(err)
+                )
+                return False
 
         conntype = self.headers.get('Connection', "")
         if conntype.lower() == 'close':
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py
@@ -362,6 +362,26 @@ def test_head_via_send_error(self):
             self.assertEqual(b'', data)
 
 
+class HTTP09ServerTestCase(BaseTestCase):
+
+    class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler):
+        """Request handler for HTTP/0.9 server."""
+
+        def do_GET(self):
+            self.wfile.write(f'OK: here is {self.path}\r\n'.encode())
+
+    def setUp(self):
+        super().setUp()
+        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.sock = self.enterContext(self.sock)
+        self.sock.connect((self.HOST, self.PORT))
+
+    def test_http_0_9_server(self):
+        self.sock.send(b'GET /index.html\r\n')
+        res = self.sock.recv(1024)
+        self.assertEqual(res, b"OK: here is /index.html\r\n")
+
+
 def certdata_file(*path):
     return os.path.join(os.path.dirname(__file__), "certdata", *path)
 
diff --git a/Misc/NEWS.d/next/Library/2025-10-02-17-40-10.gh-issue-70765.zVlLZn.rst b/Misc/NEWS.d/next/Library/2025-10-02-17-40-10.gh-issue-70765.zVlLZn.rst
@@ -0,0 +1,5 @@
+:mod:`http.server`: fix default handling of HTTP/0.9 requests in
+:class:`~http.server.BaseHTTPRequestHandler`. Previously,
+:meth:`!BaseHTTPRequestHandler.parse_request`` incorrectly
+waited for headers in the request although those are not
+supported in HTTP/0.9. Patch by Bénédikt Tran.
