Requests: adding cookies with newlines breaks header

What Requests version are you using? The most recent Requests should reject this header.

Ah... it's inside a _container_. It's the latest package version for an
elderly centos version.. all the way down at 2.6.0

Do you know roughly how high a version I'd need to get to test it?

On 18 August 2016 at 09:25, Cory Benfield [email protected] wrote:

What Requests version are you using? The most recent Requests should
reject this header.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/kennethreitz/requests/issues/3521#issuecomment-240656761,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ALks2L_rEJhtfVdxUp7GR_7x4X8ZxbLkks5qhBcTgaJpZM4JnNhV
.

2.11.0 fixed it.

@KatieLucas-Grapeshot you should get an InvalidHeader exception from requests in 2.11+. Below is a quick example in my terminal showing the exception and then try/except with it. Hope this helps!

Python 3.5.2 (default, Jul 28 2016, 21:28:00)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> s = requests.Session()
>>> requests.__version__
'2.11.1'
>>> s.headers['Custom'] = "\ntest\t"
>>> r = s.post('http://httpbin.org/post', data = {'key':'value'})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/sessions.py", line 522, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/sessions.py", line 461, in request
    prep = self.prepare_request(req)
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/sessions.py", line 394, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/models.py", line 295, in prepare
    self.prepare_headers(headers)
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/models.py", line 409, in prepare_headers
    check_header_validity(header)
  File "/Users/clesiemo3/Code/scratchenv/lib/python3.5/site-packages/requests/utils.py", line 797, in check_header_validity
    raise InvalidHeader("Invalid return character or leading space in header: %s" % name)
requests.exceptions.InvalidHeader: Invalid return character or leading space in header: Custom
>>> try:
...     r = s.post('http://httpbin.org/post', data = {'key':'value'})
... except requests.exceptions.InvalidHeader as e:
...     print(e)
...
Invalid return character or leading space in header: Custom

@clesiemo3 is correct, I got the same error too. But is it valid to throw error for starting header custom ?with \n?

Yes. You _must not_ insert newline characters into headers for any reason.

Then where are we in terms of this issue?

@kedark3 I don't understand the question. The current version of Requests rejects all headers with newline characters in them.

@Lukasa I think they wanted to ask whether this issue should be closed or not.

I believe so. =)

Closed sounds good -- we're just behind on versions here. Sorry!

On 29 August 2016 at 17:09, Cory Benfield [email protected] wrote:

Closed #3521 https://github.com/kennethreitz/requests/issues/3521.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/kennethreitz/requests/issues/3521#event-770900973,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ALks2OdSUpWVSxd4xEYBieiYkKEeq_2Dks5qkwRQgaJpZM4JnNhV
.