* Add a new bounded_stream property that can be used for more predictable behavior vs. stream, albeit with a slight performance overhead (the app developer is free to decide whether or not to use it).
* Only automatically consume the incoming stream on POST requests, since that is the only time form-encoded params should be included in the body (vs. the query string). This guards against unexpected side-effects caused by misbehaving or even malicious clients.
* Check Content-Length to ensure a body is expected, before attempting to parse form-encoded POSTs. Also pass the Content-Length to stream.read as an extra safety measure to guard against differences in WSGI input read() behavior.
* Improve the documentation surrounding all of these behaviors.

Fixes #407
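
An added example (not code from this commit or from the project) of the behavior the message describes: a length-bounded wrapper around wsgi.input, and a form-body reader that only consumes the stream for form-encoded POSTs with a positive Content-Length. The names BoundedBody, declared_length, read_form_body and sample_environ are hypothetical, and the sample environ is constructed.

```python
import io


class BoundedBody:
    """Hypothetical wrapper: never reads past Content-Length bytes of wsgi.input."""

    def __init__(self, stream, content_length):
        self._stream = stream
        self._remaining = max(content_length, 0)

    def read(self, size=-1):
        # A bare read() or an oversized read(n) is clamped to what is left,
        # so a server whose wsgi.input blocks at end-of-body cannot hang the app.
        if size is None or size < 0 or size > self._remaining:
            size = self._remaining
        if size == 0:
            return b""
        data = self._stream.read(size)
        self._remaining -= len(data)
        return data


def declared_length(environ):
    """Return Content-Length as a non-negative int, or 0 if absent or malformed."""
    try:
        return max(int(environ.get("CONTENT_LENGTH") or 0), 0)
    except ValueError:
        return 0


def read_form_body(environ):
    """Return the raw form-encoded body, or b"" when none should be parsed."""
    if environ.get("REQUEST_METHOD") != "POST":
        return b""  # never consume the stream for other methods
    if "application/x-www-form-urlencoded" not in environ.get("CONTENT_TYPE", ""):
        return b""
    length = declared_length(environ)
    if length == 0:
        return b""  # no body expected, so wsgi.input is left untouched
    return BoundedBody(environ["wsgi.input"], length).read(length)


def sample_environ(method, body, length):
    """Constructed WSGI environ for the demo; not captured from a real server."""
    return {"REQUEST_METHOD": method, "CONTENT_LENGTH": length,
            "CONTENT_TYPE": "application/x-www-form-urlencoded",
            "wsgi.input": io.BytesIO(body)}
```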