| blob | 43784f9e660da51875a641d0e394bb9840b16cc8 |
1 # (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
2 # Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
3 # Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php
4 # Licensed to PSF under a Contributor Agreement
5 """
6 Middleware to check for obedience to the WSGI specification.
8 Some of the things this checks:
10 * Signature of the application and start_response (including that
11 keyword arguments are not used).
13 * Environment checks:
15 - Environment is a dictionary (and not a subclass).
17 - That all the required keys are in the environment: REQUEST_METHOD,
18 SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,
19 wsgi.multithread, wsgi.multiprocess, wsgi.run_once
21 - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the
22 environment (these headers should appear as CONTENT_LENGTH and
23 CONTENT_TYPE).
25 - Warns if QUERY_STRING is missing, as the cgi module acts
26 unpredictably in that case.
28 - That CGI-style variables (that don't contain a .) have
29 (non-unicode) string values
31 - That wsgi.version is a tuple
33 - That wsgi.url_scheme is 'http' or 'https' (@@: is this too
34 restrictive?)
36 - Warns if the REQUEST_METHOD is not known (@@: probably too
37 restrictive).
39 - That SCRIPT_NAME and PATH_INFO are empty or start with /
41 - That at least one of SCRIPT_NAME or PATH_INFO are set.
43 - That CONTENT_LENGTH is a positive integer.
45 - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
46 be '/').
48 - That wsgi.input has the methods read, readline, readlines, and
49 __iter__
51 - That wsgi.errors has the methods flush, write, writelines
53 * The status is a string, contains a space, starts with an integer,
54 and that integer is in range (> 100).
56 * That the headers is a list (not a subclass, not another kind of
57 sequence).
59 * That the items of the headers are tuples of strings.
61 * That there is no 'status' header (that is used in CGI, but not in
62 WSGI).
64 * That the headers don't contain newlines or colons, end in _ or -, or
65 contain characters codes below 037.
67 * That Content-Type is given if there is content (CGI often has a
68 default content type, but WSGI does not).
70 * That no Content-Type is given when there is no content (@@: is this
71 too restrictive?)
73 * That the exc_info argument to start_response is a tuple or None.
75 * That all calls to the writer are with strings, and no other methods
76 on the writer are accessed.
78 * That wsgi.input is used properly:
80 - .read() is called with zero or one argument
82 - That it returns a string
84 - That readline, readlines, and __iter__ return strings
86 - That .close() is not called
88 - No other methods are provided
90 * That wsgi.errors is used properly:
92 - .write() and .writelines() is called with a string
94 - That .close() is not called, and no other methods are provided.
96 * The response iterator:
98 - That it is not a string (it should be a list of a single string; a
99 string will work, but perform horribly).
101 - That .next() returns a string
103 - That the iterator is not iterated over until start_response has
104 been called (that can signal either a server or application
105 error).
107 - That .close() is called (doesn't raise exception, only prints to
108 sys.stderr, because we only know it isn't called when the object
109 is garbage collected).
110 """
114 import re
115 import sys
117 import warnings
123 """
124 Raised in response to WSGI-spec-related warnings
125 """
133 """
134 When applied between a WSGI server and a WSGI application, this
135 middleware will check for WSGI compliancy on a number of levels.
136 This middleware does not modify the request or response in any
137 way, but will throw an AssertionError if anything seems off
138 (except for a failure to close the application iterator, which
139 will be printed to stderr -- there's no way to throw an exception
140 at that point).
141 """
150 # We use this to check if the application returns without
151 # calling start_response:
152 start_response_started = []
184 return lint_app
195 return v
200 return v
208 return lines
214 return
215 yield line
254 # We want to make sure __iter__ is called
266 return self
274 "The application returns and we started iterating over its body, but start_response has not yet been called")
276 return v
309 'QUERY_STRING is not in the WSGI environment; the cgi '
310 'module will use sys.argv when this variable is missing, '
312 WSGIWarning)
316 # Extension, we don't care about its type
317 continue
330 # @@: these need filling out:
335 WSGIWarning)
349 "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO "
352 "SCRIPT_NAME cannot be '/'; it should instead be '', and "
370 # Implicitly check that we can turn it into an integer:
379 "followed by a single space and a status explanation"
386 header_names = {}
394 "The Status header cannot be used; it conflicts with CGI "
395 "script, and HTTP status is not given through headers "
409 # @@: need one more person to verify this interpretation of RFC 2616
410 # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
415 return
424 # More exc_info checks?
427 # Technically a string is legal, which is why it's a really bad
428 # idea, because it may cause the response to be returned
429 # character-by-character
431 "You should not return a string as your application iterator, "