Consider using a proper HTTP implementation #19
Labels
Comments
|
I'm scaling down my ambitions for this library. |
|
Re-opening as I discovered h11, a small pure-Python HTTP parser "sans I/O". |
|
Still unsure what problem this issue actually solves... |
|
Security maybe? |
|
I'm working on replacing the stdlib's MIME parser with a bare-bones custom HTTP implementation. This seemed like the path of least effort. |
aaugustin
added a commit
that referenced
this issue
Jul 9, 2017
Given that websockets makes straightforward of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
aaugustin
added a commit
that referenced
this issue
Jul 9, 2017
Given that websockets makes straightforward use of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
aaugustin
added a commit
that referenced
this issue
Jul 9, 2017
Given that websockets makes straightforward use of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
aaugustin
added a commit
that referenced
this issue
Jul 9, 2017
Given that websockets makes straightforward use of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
aaugustin
added a commit
that referenced
this issue
Jul 9, 2017
Given that websockets makes straightforward use of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
aaugustin
added a commit
that referenced
this issue
Jul 17, 2017
Given that websockets makes straightforward use of HTTP, that websocket implementations can be expected not to exhibit legacy behaviors, and that RFC 7230 deprecates this behavior, parsing HTTP is doable. Thanks https://github.com/njsmith/h11 for providing some inspiration, especially for translating the RFC to regular expressions and figuring out some edge cases. I expect the new implementation to be faster, since it has a much tighter focus than the stdlib's general purpose MIME parser, and possibly more secure, since it was written from the beginning with security as a primary goal (with the caveat that it's new code, which means it's more likely to have security issues). Fix #19.
|
Another reason for not relying on a full HTTP implementation: https://tools.ietf.org/html/rfc6455#section-1.7:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The HTTP parsing and generation code is very simple at this time.
It could be worth relying on an external library for these parts.
The text was updated successfully, but these errors were encountered: