Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix py http parser not treating 204/304/1xx as an empty body #7755

Conversation

bdraco
Copy link
Member

@bdraco bdraco commented Oct 27, 2023

What do these changes do?

There was a disagreement on how to handle 204/304/1xx responses between the c parser and py parser.

204/304/1xx are now always treated as an empty body in the py parser to match the c parser and comply with
https://datatracker.ietf.org/doc/html/rfc9112#section-6.3

Are there changes in behavior for the user?

A empty chunked response body 0\r\n\r\n will no longer be read for 204, 203, 1xx responses when using the py parser. This matches the behavior of the c parser.

Related issue number

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES folder
    • name it <issue_id>.<type> for example (588.bugfix)
    • if you don't have an issue_id change it to the pr id after creating the pr
    • ensure type is one of the following:
      • .feature: Signifying a new feature.
      • .bugfix: Signifying a bug fix.
      • .doc: Signifying a documentation improvement.
      • .removal: Signifying a deprecation or removal of public API.
      • .misc: A ticket has been closed, but it is not of interest to users.
    • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

TODO:

  • timeline
  • mypy
  • more functional testing

@bdraco bdraco mentioned this pull request Oct 27, 2023
8 tasks
204/304/1xx are now always treated as an empty body in the
py parser to match the c parser and comply with
https://datatracker.ietf.org/doc/html/rfc9112#section-6.3
@bdraco bdraco force-pushed the client_side_ignore_transfer_encoding_304_rfc_9112_sq branch from 0148ef4 to e6695b0 Compare October 27, 2023 16:34
@codecov
Copy link

codecov bot commented Oct 27, 2023

Codecov Report

Merging #7755 (8e75ea6) into master (7a19191) will increase coverage by 0.00%.
The diff coverage is 98.97%.

@@           Coverage Diff           @@
##           master    #7755   +/-   ##
=======================================
  Coverage   97.36%   97.36%           
=======================================
  Files         106      106           
  Lines       31722    31810   +88     
  Branches     3633     3639    +6     
=======================================
+ Hits        30885    30972   +87     
  Misses        633      633           
- Partials      204      205    +1     
Flag Coverage Δ
CI-GHA 97.28% <98.97%> (+<0.01%) ⬆️
OS-Linux 96.96% <98.97%> (+<0.01%) ⬆️
OS-Windows 95.43% <94.89%> (+0.01%) ⬆️
OS-macOS 96.61% <94.89%> (+<0.01%) ⬆️
Py-3.10.11 95.36% <94.89%> (+0.01%) ⬆️
Py-3.10.13 96.82% <98.97%> (+0.01%) ⬆️
Py-3.11.6 96.49% <98.97%> (+<0.01%) ⬆️
Py-3.8.10 95.33% <94.89%> (+0.01%) ⬆️
Py-3.8.18 96.74% <98.97%> (+<0.01%) ⬆️
Py-3.9.13 95.32% <94.89%> (+0.01%) ⬆️
Py-3.9.18 96.77% <98.97%> (+0.01%) ⬆️
Py-pypy7.3.11 96.18% <98.97%> (+0.01%) ⬆️
VM-macos 96.61% <94.89%> (+<0.01%) ⬆️
VM-ubuntu 96.96% <98.97%> (+<0.01%) ⬆️
VM-windows 95.43% <94.89%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
aiohttp/client.py 94.45% <ø> (ø)
aiohttp/client_proto.py 96.73% <100.00%> (ø)
aiohttp/helpers.py 95.66% <100.00%> (+0.03%) ⬆️
tests/test_http_parser.py 99.25% <100.00%> (+0.07%) ⬆️
aiohttp/http_parser.py 97.56% <90.00%> (-0.20%) ⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@bdraco
Copy link
Member Author

bdraco commented Oct 27, 2023

#6446 is a bit of a problem since its a special case

@bdraco
Copy link
Member Author

bdraco commented Oct 27, 2023

the msg.upgrade check looks like it might have a problem

@bdraco
Copy link
Member Author

bdraco commented Oct 27, 2023

not 100% sure if the msg.upgrade check it supposed to apply to chunk and content length or just chunked given 6301d6b

@bdraco
Copy link
Member Author

bdraco commented Oct 27, 2023

I'm not sure its right but I made it or (msg.chunked and not msg.upgrade) so the check is the same.

If its not right it should probably be fixed in another PR as I didn't want to break compatibility.

@bdraco
Copy link
Member Author

bdraco commented Oct 27, 2023

I think this one is ready for another look.

If it looks good I'll start doing production testing

I'm still working through regressions in the other one

aiohttp/http_parser.py Outdated Show resolved Hide resolved
aiohttp/client.py Outdated Show resolved Hide resolved
@Dreamsorcerer
Copy link
Member

This is still marked as a draft, so remember to update that if you think it's ready to merge.

@bdraco
Copy link
Member Author

bdraco commented Oct 29, 2023

This is still marked as a draft, so remember to update that if you think it's ready to merge.

Will do. Still doing functional testing, and need to write the timeline message

@psf-chronographer psf-chronographer bot added the bot:chronographer:provided There is a change note present in this PR label Oct 30, 2023
@bdraco bdraco changed the title Fix py parser not treating 204/304/1xx as an empty body Fix py http parser not treating 204/304/1xx as an empty body Oct 30, 2023
@bdraco bdraco marked this pull request as ready for review October 30, 2023 16:43
@bdraco bdraco requested a review from asvetlov as a code owner October 30, 2023 16:43
@Dreamsorcerer Dreamsorcerer merged commit 6f1315b into aio-libs:master Oct 30, 2023
29 of 34 checks passed
@patchback
Copy link
Contributor

patchback bot commented Oct 30, 2023

Backport to 3.9: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 6f1315b on top of patchback/backports/3.9/6f1315b1d18a4877574435d7e466405a621b3517/pr-7755

Backporting merged PR #7755 into master

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it:
    $ git remote add upstream https://github.com/aio-libs/aiohttp.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code:
    $ git fetch upstream
    $ git checkout -b patchback/backports/3.9/6f1315b1d18a4877574435d7e466405a621b3517/pr-7755 upstream/3.9
  4. Now, cherry-pick PR Fix py http parser not treating 204/304/1xx as an empty body #7755 contents into that branch:
    $ git cherry-pick -x 6f1315b1d18a4877574435d7e466405a621b3517
    If it'll yell at you with something like fatal: Commit 6f1315b1d18a4877574435d7e466405a621b3517 is a merge but no -m option was given., add -m 1 as follows instead:
    $ git cherry-pick -m1 -x 6f1315b1d18a4877574435d7e466405a621b3517
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them in to preserve the patch from PR Fix py http parser not treating 204/304/1xx as an empty body #7755 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub:
    $ git push origin patchback/backports/3.9/6f1315b1d18a4877574435d7e466405a621b3517/pr-7755
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

bdraco added a commit to bdraco/aiohttp that referenced this pull request Oct 30, 2023
…s#7755)

<!-- Thank you for your contribution! -->

There was a disagreement on how to handle 204/304/1xx responses between
the c parser and py parser.

204/304/1xx are now always treated as an empty body in the py parser to
match the c parser and comply with
https://datatracker.ietf.org/doc/html/rfc9112#section-6.3

A empty chunked response body `0\r\n\r\n` will no longer be read for
204, 203, 1xx responses when using the py parser. This matches the
behavior of the c parser.

(cherry picked from commit 6f1315b)
Dreamsorcerer pushed a commit that referenced this pull request Oct 31, 2023
…7768)

There was a disagreement on how to handle 204/304/1xx responses between
the c parser and py parser.

204/304/1xx are now always treated as an empty body in the py parser to
match the c parser and comply with
https://datatracker.ietf.org/doc/html/rfc9112#section-6.3

A empty chunked response body `0\r\n\r\n` will no longer be read for
204, 203, 1xx responses when using the py parser. This matches the
behavior of the c parser.

(cherry picked from commit 6f1315b)
bdraco added a commit to bdraco/aiohttp that referenced this pull request Oct 31, 2023
CONNECT will only have an empty body on 200

fixes a mistake in aio-libs#7755
Dreamsorcerer added a commit that referenced this pull request Nov 2, 2023
<!-- Thank you for your contribution! -->

## What do these changes do?

`Transfer-Encoding` and `Content-Length` will be removed from the server
response when sending a 1xx (Informational), 204 (No Content), or 304
(Not Modified) status since no body is expected for these status codes

- `Content-Length` forbidden on 1xx/204 per
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2 and
discouraged on 304 per
https://datatracker.ietf.org/doc/html/rfc7232#section-4.1

We need to ensure `Content-Length` is kept for `HEAD` to ensure
keep-alive works as expected and is allowed per
https://datatracker.ietf.org/doc/html/rfc2616#section-14.13

- `Transfer-Encoding` removed per
https://datatracker.ietf.org/doc/html/rfc9112#section-6.1
> any recipient on the response chain (including the origin server) can
remove transfer codings when they are not needed.

`aiohttp` would incorrectly send an body of `0\r\n\r\n` when `chunked`
was set for `Transfer-Encoding` with the above status code.

This change ensures `aiohttp` does not send these invalid bodies.

## Are there changes in behavior for the user?

The `Transfer-Encoding` and `Content-Length` headers will be removed
when sending a 1xx (Informational), 204 (No Content), or 304 (Not
Modified) except for `HEAD` responses since these status since no body
is expected for these status codes.

An invalid body of `0\r\n\r\n` will no longer be sent with these status
codes.

## Related issue number

<!-- Are there any issues opened that will be resolved by merging this
change? -->

## Checklist

- [x] I think the code is well written
- [x] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [x] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
  * ensure type is one of the following:
    * `.feature`: Signifying a new feature.
    * `.bugfix`: Signifying a bug fix.
    * `.doc`: Signifying a documentation improvement.
    * `.removal`: Signifying a deprecation or removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."


TODO: 

- [x] figure out why client closes connection on HEAD requests with
content length
- [x] figure out why client functional tests fail with
AIOHTTP_NO_EXTENSIONS=1 `test_keepalive_after_empty_body_status` and
`test_keepalive_after_empty_body_status_stream_response` -- They do not
fail anymore after the fixed in
#7755
- [x] timeline
- [x] more functional testing

---------

Co-authored-by: Sam Bull <git@sambull.org>
bdraco added a commit to bdraco/aiohttp that referenced this pull request Nov 2, 2023
…libs#7756)

<!-- Thank you for your contribution! -->

`Transfer-Encoding` and `Content-Length` will be removed from the server
response when sending a 1xx (Informational), 204 (No Content), or 304
(Not Modified) status since no body is expected for these status codes

- `Content-Length` forbidden on 1xx/204 per
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2 and
discouraged on 304 per
https://datatracker.ietf.org/doc/html/rfc7232#section-4.1

We need to ensure `Content-Length` is kept for `HEAD` to ensure
keep-alive works as expected and is allowed per
https://datatracker.ietf.org/doc/html/rfc2616#section-14.13

- `Transfer-Encoding` removed per
https://datatracker.ietf.org/doc/html/rfc9112#section-6.1
> any recipient on the response chain (including the origin server) can
remove transfer codings when they are not needed.

`aiohttp` would incorrectly send an body of `0\r\n\r\n` when `chunked`
was set for `Transfer-Encoding` with the above status code.

This change ensures `aiohttp` does not send these invalid bodies.

The `Transfer-Encoding` and `Content-Length` headers will be removed
when sending a 1xx (Informational), 204 (No Content), or 304 (Not
Modified) except for `HEAD` responses since these status since no body
is expected for these status codes.

An invalid body of `0\r\n\r\n` will no longer be sent with these status
codes.

<!-- Are there any issues opened that will be resolved by merging this
change? -->

- [x] I think the code is well written
- [x] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [x] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
  * ensure type is one of the following:
    * `.feature`: Signifying a new feature.
    * `.bugfix`: Signifying a bug fix.
    * `.doc`: Signifying a documentation improvement.
    * `.removal`: Signifying a deprecation or removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."

TODO:

- [x] figure out why client closes connection on HEAD requests with
content length
- [x] figure out why client functional tests fail with
AIOHTTP_NO_EXTENSIONS=1 `test_keepalive_after_empty_body_status` and
`test_keepalive_after_empty_body_status_stream_response` -- They do not
fail anymore after the fixed in
aio-libs#7755
- [x] timeline
- [x] more functional testing

---------

Co-authored-by: Sam Bull <git@sambull.org>
(cherry picked from commit f63cf18)
Dreamsorcerer added a commit that referenced this pull request Nov 2, 2023
… (#7778)

<!-- Thank you for your contribution! -->

`Transfer-Encoding` and `Content-Length` will be removed from the server
response when sending a 1xx (Informational), 204 (No Content), or 304
(Not Modified) status since no body is expected for these status codes

- `Content-Length` forbidden on 1xx/204 per
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2 and
discouraged on 304 per
https://datatracker.ietf.org/doc/html/rfc7232#section-4.1

We need to ensure `Content-Length` is kept for `HEAD` to ensure
keep-alive works as expected and is allowed per
https://datatracker.ietf.org/doc/html/rfc2616#section-14.13

- `Transfer-Encoding` removed per
https://datatracker.ietf.org/doc/html/rfc9112#section-6.1
> any recipient on the response chain (including the origin server) can
remove transfer codings when they are not needed.

`aiohttp` would incorrectly send an body of `0\r\n\r\n` when `chunked`
was set for `Transfer-Encoding` with the above status code.

This change ensures `aiohttp` does not send these invalid bodies.

The `Transfer-Encoding` and `Content-Length` headers will be removed
when sending a 1xx (Informational), 204 (No Content), or 304 (Not
Modified) except for `HEAD` responses since these status since no body
is expected for these status codes.

An invalid body of `0\r\n\r\n` will no longer be sent with these status
codes.

<!-- Are there any issues opened that will be resolved by merging this
change? -->

- [x] I think the code is well written
- [x] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [x] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
* ensure type is one of the following: * `.feature`: Signifying a new
feature. * `.bugfix`: Signifying a bug fix. * `.doc`: Signifying a
documentation improvement. * `.removal`: Signifying a deprecation or
removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."

TODO:

- [x] figure out why client closes connection on HEAD requests with
content length
- [x] figure out why client functional tests fail with
AIOHTTP_NO_EXTENSIONS=1 `test_keepalive_after_empty_body_status` and
`test_keepalive_after_empty_body_status_stream_response` -- They do not
fail anymore after the fixed in
#7755
- [x] timeline
- [x] more functional testing

---------

Co-authored-by: Sam Bull <git@sambull.org>
(cherry picked from commit f63cf18)

<!-- Thank you for your contribution! -->

## What do these changes do?

<!-- Please give a short brief about these changes. -->

## Are there changes in behavior for the user?

<!-- Outline any notable behaviour for the end users. -->

## Related issue number

<!-- Are there any issues opened that will be resolved by merging this
change? -->

## Checklist

- [ ] I think the code is well written
- [ ] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [ ] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
  * ensure type is one of the following:
    * `.feature`: Signifying a new feature.
    * `.bugfix`: Signifying a bug fix.
    * `.doc`: Signifying a documentation improvement.
    * `.removal`: Signifying a deprecation or removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."
renovate bot referenced this pull request in allenporter/pyrainbird Nov 20, 2023
[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [aiohttp](https://togithub.com/aio-libs/aiohttp) | `==3.8.6` ->
`==3.9.0` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/aiohttp/3.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/aiohttp/3.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/aiohttp/3.8.6/3.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/aiohttp/3.8.6/3.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>aio-libs/aiohttp (aiohttp)</summary>

###
[`v3.9.0`](https://togithub.com/aio-libs/aiohttp/blob/HEAD/CHANGES.rst#390-2023-11-18)

[Compare
Source](https://togithub.com/aio-libs/aiohttp/compare/v3.8.6...v3.9.0)

\==================

## Features

- Introduced `AppKey` for static typing support of `Application`
storage.
See
https://docs.aiohttp.org/en/stable/web_advanced.html#application-s-config

    `#&#8203;5864 <https://github.com/aio-libs/aiohttp/issues/5864>`\_

- Added a graceful shutdown period which allows pending tasks to
complete before the application's cleanup is called.
The period can be adjusted with the `shutdown_timeout` parameter. -- by
:user:`Dreamsorcerer`.
See
https://docs.aiohttp.org/en/latest/web_advanced.html#graceful-shutdown

    `#&#8203;7188 <https://github.com/aio-libs/aiohttp/issues/7188>`\_

- Added `handler_cancellation
<https://docs.aiohttp.org/en/stable/web_advanced.html#web-handler-cancellation>`\_
parameter to cancel web handler on client disconnection. -- by
:user:`mosquito`
This (optionally) reintroduces a feature removed in a previous release.
Recommended for those looking for an extra level of protection against
denial-of-service attacks.

    `#&#8203;7056 <https://github.com/aio-libs/aiohttp/issues/7056>`\_

- Added support for setting response header parameters `max_line_size`
and `max_field_size`.

    `#&#8203;2304 <https://github.com/aio-libs/aiohttp/issues/2304>`\_

- Added `auto_decompress` parameter to `ClientSession.request` to
override `ClientSession._auto_decompress`. -- by :user:`Daste745`

    `#&#8203;3751 <https://github.com/aio-libs/aiohttp/issues/3751>`\_

-   Changed `raise_for_status` to allow a coroutine.

    `#&#8203;3892 <https://github.com/aio-libs/aiohttp/issues/3892>`\_

- Added client brotli compression support (optional with runtime check).

    `#&#8203;5219 <https://github.com/aio-libs/aiohttp/issues/5219>`\_

- Added `client_max_size` to `BaseRequest.clone()` to allow overriding
the request body size. -- :user:`anesabml`.

    `#&#8203;5704 <https://github.com/aio-libs/aiohttp/issues/5704>`\_

-   Added a middleware type alias `aiohttp.typedefs.Middleware`.

    `#&#8203;5898 <https://github.com/aio-libs/aiohttp/issues/5898>`\_

- Exported `HTTPMove` which can be used to catch any redirection request
    that has a location -- :user:`dreamsorcerer`.

    `#&#8203;6594 <https://github.com/aio-libs/aiohttp/issues/6594>`\_

- Changed the `path` parameter in `web.run_app()` to accept a
`pathlib.Path` object.

    `#&#8203;6839 <https://github.com/aio-libs/aiohttp/issues/6839>`\_

- Performance: Skipped filtering `CookieJar` when the jar is empty or
all cookies have expired.

    `#&#8203;7819 <https://github.com/aio-libs/aiohttp/issues/7819>`\_

- Performance: Only check origin if insecure scheme and there are
origins to treat as secure, in `CookieJar.filter_cookies()`.

    `#&#8203;7821 <https://github.com/aio-libs/aiohttp/issues/7821>`\_

- Performance: Used timestamp instead of `datetime` to achieve faster
cookie expiration in `CookieJar`.

    `#&#8203;7824 <https://github.com/aio-libs/aiohttp/issues/7824>`\_

- Added support for passing a custom server name parameter to HTTPS
connection.

    `#&#8203;7114 <https://github.com/aio-libs/aiohttp/issues/7114>`\_

- Added support for using Basic Auth credentials from :file:`.netrc`
file when making HTTP requests with the
:py:class:`~aiohttp.ClientSession` `trust_env` argument is set to
`True`. -- by :user:`yuvipanda`.

    `#&#8203;7131 <https://github.com/aio-libs/aiohttp/issues/7131>`\_

-   Turned access log into no-op when the logger is disabled.

    `#&#8203;7240 <https://github.com/aio-libs/aiohttp/issues/7240>`\_

- Added typing information to `RawResponseMessage`. -- by
:user:`Gobot1234`

    `#&#8203;7365 <https://github.com/aio-libs/aiohttp/issues/7365>`\_

- Removed `async-timeout` for Python 3.11+ (replaced with
`asyncio.timeout()` on newer releases).

    `#&#8203;7502 <https://github.com/aio-libs/aiohttp/issues/7502>`\_

- Added support for `brotlicffi` as an alternative to `brotli` (fixing
Brotli support on PyPy).

    `#&#8203;7611 <https://github.com/aio-libs/aiohttp/issues/7611>`\_

- Added `WebSocketResponse.get_extra_info()` to access a protocol
transport's extra info.

    `#&#8203;7078 <https://github.com/aio-libs/aiohttp/issues/7078>`\_

-   Allow `link` argument to be set to None/empty in HTTP 451 exception.

    `#&#8203;7689 <https://github.com/aio-libs/aiohttp/issues/7689>`\_

## Bugfixes

- Implemented stripping the trailing dots from fully-qualified domain
names in `Host` headers and TLS context when acting as an HTTP client.
This allows the client to connect to URLs with FQDN host name like
`https://example.com./`.
    \-- by :user:`martin-sucha`.

    `#&#8203;3636 <https://github.com/aio-libs/aiohttp/issues/3636>`\_

- Fixed client timeout not working when incoming data is always
available without waiting. -- by :user:`Dreamsorcerer`.

    `#&#8203;5854 <https://github.com/aio-libs/aiohttp/issues/5854>`\_

- Fixed `readuntil` to work with a delimiter of more than one character.

    `#&#8203;6701 <https://github.com/aio-libs/aiohttp/issues/6701>`\_

-   Added `__repr__` to `EmptyStreamReader` to avoid `AttributeError`.

    `#&#8203;6916 <https://github.com/aio-libs/aiohttp/issues/6916>`\_

-   Fixed bug when using `TCPConnector` with `ttl_dns_cache=0`.

    `#&#8203;7014 <https://github.com/aio-libs/aiohttp/issues/7014>`\_

- Fixed response returned from expect handler being thrown away. -- by
:user:`Dreamsorcerer`

    `#&#8203;7025 <https://github.com/aio-libs/aiohttp/issues/7025>`\_

- Avoided raising `UnicodeDecodeError` in multipart and in HTTP headers
parsing.

    `#&#8203;7044 <https://github.com/aio-libs/aiohttp/issues/7044>`\_

- Changed `sock_read` timeout to start after writing has finished,
avoiding read timeouts caused by an unfinished write. -- by
:user:`dtrifiro`

    `#&#8203;7149 <https://github.com/aio-libs/aiohttp/issues/7149>`\_

-   Fixed missing query in tracing method URLs when using `yarl` 1.9+.

    `#&#8203;7259 <https://github.com/aio-libs/aiohttp/issues/7259>`\_

- Changed max 32-bit timestamp to an aware datetime object, for
consistency with the non-32-bit one, and to avoid a `DeprecationWarning`
on Python 3.12.

    `#&#8203;7302 <https://github.com/aio-libs/aiohttp/issues/7302>`\_

- Fixed `EmptyStreamReader.iter_chunks()` never ending. -- by
:user:`mind1m`

    `#&#8203;7616 <https://github.com/aio-libs/aiohttp/issues/7616>`\_

- Fixed a rare `RuntimeError: await wasn't used with future` exception.
-- by :user:`stalkerg`

    `#&#8203;7785 <https://github.com/aio-libs/aiohttp/issues/7785>`\_

-   Fixed issue with insufficient HTTP method and version validation.

    `#&#8203;7700 <https://github.com/aio-libs/aiohttp/issues/7700>`\_

-   Added check to validate that absolute URIs have schemes.

    `#&#8203;7712 <https://github.com/aio-libs/aiohttp/issues/7712>`\_

- Fixed unhandled exception when Python HTTP parser encounters unpaired
Unicode surrogates.

    `#&#8203;7715 <https://github.com/aio-libs/aiohttp/issues/7715>`\_

- Updated parser to disallow invalid characters in header field names
and stop accepting LF as a request line separator.

    `#&#8203;7719 <https://github.com/aio-libs/aiohttp/issues/7719>`\_

-   Fixed Python HTTP parser not treating 204/304/1xx as an empty body.

    `#&#8203;7755 <https://github.com/aio-libs/aiohttp/issues/7755>`\_

-   Ensure empty body response for 1xx/204/304 per RFC 9112 sec 6.3.

    `#&#8203;7756 <https://github.com/aio-libs/aiohttp/issues/7756>`\_

- Fixed an issue when a client request is closed before completing a
chunked payload. -- by :user:`Dreamsorcerer`

    `#&#8203;7764 <https://github.com/aio-libs/aiohttp/issues/7764>`\_

-   Edge Case Handling for ResponseParser for missing reason value.

    `#&#8203;7776 <https://github.com/aio-libs/aiohttp/issues/7776>`\_

- Fixed `ClientWebSocketResponse.close_code` being erroneously set to
`None` when there are concurrent async tasks receiving data and closing
the connection.

    `#&#8203;7306 <https://github.com/aio-libs/aiohttp/issues/7306>`\_

-   Added HTTP method validation.

    `#&#8203;6533 <https://github.com/aio-libs/aiohttp/issues/6533>`\_

- Fixed arbitrary sequence types being allowed to inject values via
version parameter. -- by :user:`Dreamsorcerer`

    `#&#8203;7835 <https://github.com/aio-libs/aiohttp/issues/7835>`\_

- Performance: Fixed increase in latency with small messages from
websocket compression changes.

    `#&#8203;7797 <https://github.com/aio-libs/aiohttp/issues/7797>`\_

## Improved Documentation

- Fixed the `ClientResponse.release`'s type in the doc. Changed from
`comethod` to `method`.

    `#&#8203;5836 <https://github.com/aio-libs/aiohttp/issues/5836>`\_

- Added information on behavior of base_url parameter in
`ClientSession`.

    `#&#8203;6647 <https://github.com/aio-libs/aiohttp/issues/6647>`\_

-   Fixed `ClientResponseError` docs.

    `#&#8203;6700 <https://github.com/aio-libs/aiohttp/issues/6700>`\_

-   Updated Redis code examples to follow the latest API.

    `#&#8203;6907 <https://github.com/aio-libs/aiohttp/issues/6907>`\_

- Added a note about possibly needing to update headers when using
`on_response_prepare`. -- by :user:`Dreamsorcerer`

    `#&#8203;7283 <https://github.com/aio-libs/aiohttp/issues/7283>`\_

- Completed `trust_env` parameter description to honor `wss_proxy`,
`ws_proxy` or `no_proxy` env.

    `#&#8203;7325 <https://github.com/aio-libs/aiohttp/issues/7325>`\_

- Expanded SSL documentation with more examples (e.g. how to use
certifi). -- by :user:`Dreamsorcerer`

    `#&#8203;7334 <https://github.com/aio-libs/aiohttp/issues/7334>`\_

-   Fix, update, and improve client exceptions documentation.

    `#&#8203;7733 <https://github.com/aio-libs/aiohttp/issues/7733>`\_

## Deprecations and Removals

-   Added `shutdown_timeout` parameter to `BaseRunner`, while
deprecating `shutdown_timeout` parameter from `BaseSite`. -- by
:user:`Dreamsorcerer`

    `#&#8203;7718 <https://github.com/aio-libs/aiohttp/issues/7718>`\_

-   Dropped Python 3.6 support.

    `#&#8203;6378 <https://github.com/aio-libs/aiohttp/issues/6378>`\_

-   Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`

    `#&#8203;7336 <https://github.com/aio-libs/aiohttp/issues/7336>`\_

- Removed support for abandoned `tokio` event loop. -- by
:user:`Dreamsorcerer`

    `#&#8203;7281 <https://github.com/aio-libs/aiohttp/issues/7281>`\_

## Misc

-   Made `print` argument in `run_app()` optional.

    `#&#8203;3690 <https://github.com/aio-libs/aiohttp/issues/3690>`\_

-   Improved performance of `ceil_timeout` in some cases.

    `#&#8203;6316 <https://github.com/aio-libs/aiohttp/issues/6316>`\_

- Changed importing Gunicorn to happen on-demand, decreasing import time
by ~53%. -- :user:`Dreamsorcerer`

    `#&#8203;6591 <https://github.com/aio-libs/aiohttp/issues/6591>`\_

- Improved import time by replacing `http.server` with
`http.HTTPStatus`.

    `#&#8203;6903 <https://github.com/aio-libs/aiohttp/issues/6903>`\_

- Fixed annotation of `ssl` parameter to disallow `True`. -- by
:user:`Dreamsorcerer`.

    `#&#8203;7335 <https://github.com/aio-libs/aiohttp/issues/7335>`\_

***

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/pyrainbird).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
xiangxli pushed a commit to xiangxli/aiohttp that referenced this pull request Dec 4, 2023
…s#7755) (aio-libs#7768)

There was a disagreement on how to handle 204/304/1xx responses between
the c parser and py parser.

204/304/1xx are now always treated as an empty body in the py parser to
match the c parser and comply with
https://datatracker.ietf.org/doc/html/rfc9112#section-6.3

A empty chunked response body `0\r\n\r\n` will no longer be read for
204, 203, 1xx responses when using the py parser. This matches the
behavior of the c parser.

(cherry picked from commit 6f1315b)
xiangxli pushed a commit to xiangxli/aiohttp that referenced this pull request Dec 4, 2023
…libs#7756) (aio-libs#7778)

<!-- Thank you for your contribution! -->

`Transfer-Encoding` and `Content-Length` will be removed from the server
response when sending a 1xx (Informational), 204 (No Content), or 304
(Not Modified) status since no body is expected for these status codes

- `Content-Length` forbidden on 1xx/204 per
https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2 and
discouraged on 304 per
https://datatracker.ietf.org/doc/html/rfc7232#section-4.1

We need to ensure `Content-Length` is kept for `HEAD` to ensure
keep-alive works as expected and is allowed per
https://datatracker.ietf.org/doc/html/rfc2616#section-14.13

- `Transfer-Encoding` removed per
https://datatracker.ietf.org/doc/html/rfc9112#section-6.1
> any recipient on the response chain (including the origin server) can
remove transfer codings when they are not needed.

`aiohttp` would incorrectly send an body of `0\r\n\r\n` when `chunked`
was set for `Transfer-Encoding` with the above status code.

This change ensures `aiohttp` does not send these invalid bodies.

The `Transfer-Encoding` and `Content-Length` headers will be removed
when sending a 1xx (Informational), 204 (No Content), or 304 (Not
Modified) except for `HEAD` responses since these status since no body
is expected for these status codes.

An invalid body of `0\r\n\r\n` will no longer be sent with these status
codes.

<!-- Are there any issues opened that will be resolved by merging this
change? -->

- [x] I think the code is well written
- [x] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [x] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
* ensure type is one of the following: * `.feature`: Signifying a new
feature. * `.bugfix`: Signifying a bug fix. * `.doc`: Signifying a
documentation improvement. * `.removal`: Signifying a deprecation or
removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."

TODO:

- [x] figure out why client closes connection on HEAD requests with
content length
- [x] figure out why client functional tests fail with
AIOHTTP_NO_EXTENSIONS=1 `test_keepalive_after_empty_body_status` and
`test_keepalive_after_empty_body_status_stream_response` -- They do not
fail anymore after the fixed in
aio-libs#7755
- [x] timeline
- [x] more functional testing

---------

Co-authored-by: Sam Bull <git@sambull.org>
(cherry picked from commit f63cf18)

<!-- Thank you for your contribution! -->

<!-- Please give a short brief about these changes. -->

<!-- Outline any notable behaviour for the end users. -->

<!-- Are there any issues opened that will be resolved by merging this
change? -->

- [ ] I think the code is well written
- [ ] Unit tests for the changes exist
- [ ] Documentation reflects the changes
- [ ] If you provide code modification, please add yourself to
`CONTRIBUTORS.txt`
  * The format is &lt;Name&gt; &lt;Surname&gt;.
  * Please keep alphabetical order, the file is sorted by names.
- [ ] Add a new news fragment into the `CHANGES` folder
  * name it `<issue_id>.<type>` for example (588.bugfix)
* if you don't have an `issue_id` change it to the pr id after creating
the pr
  * ensure type is one of the following:
    * `.feature`: Signifying a new feature.
    * `.bugfix`: Signifying a bug fix.
    * `.doc`: Signifying a documentation improvement.
    * `.removal`: Signifying a deprecation or removal of public API.
* `.misc`: A ticket has been closed, but it is not of interest to users.
* Make sure to use full sentences with correct case and punctuation, for
example: "Fix issue with non-ascii contents in doctest text files."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bot:chronographer:provided There is a change note present in this PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants