b36ffe6179
* Add a new bounded_stream property that can be used for more predictable behavior vs. stream, albeit with a slight performance overhead (the app developer is free to decide whether or not to use it). * Only automatically consume the incoming stream on POST requests, since that is the only time form-encoded params should be included in the body (vs. the query string). This guards against unexpected side-effects caused by misbehaving or even malicious clients. * Check Content-Length to ensure a body is expected, before attempting to parse form-encoded POSTs. Also pass the Content-Length to stream.read as an extra safety measure to guard against differences in WSGI input read() behavior. * Improve the documentation surrounding all of these behaviors. Fixes #407
13 lines
392 B
Python
13 lines
392 B
Python
import pytest
|
|
|
|
import falcon
|
|
|
|
|
|
# NOTE(kgriffs): Some modules actually run a wsgiref server, so
|
|
# to ensure we reset the detection for the other modules, we just
|
|
# run this fixture before each one is tested.
|
|
@pytest.fixture(autouse=True, scope='module')
|
|
def reset_request_stream_detection():
|
|
falcon.Request._wsgi_input_type_known = False
|
|
falcon.Request._always_wrap_wsgi_input = False
|