Merge PR #282 by @meaksh

This change populates the `Keep-Alive` header for persistent HTTP/1.1 connections. It helps mitigate race conditions when the client still thinks that the connection is going to persist but the server closes it on timeout meanwhile. The effect of introducing this change is that the HTTP client will now know about the timeout (because it'll be exposed) and won't attept to reuse the connection when it's timed out but hasn't gotten the FIN packet on the underlying TCP connection. Refs: * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Keep-Alive * https://tools.ietf.org/html/rfc2068#section-19.7.1.1 * https://github.com/meaksh/cheroot/blob/107650d/cheroot/server.py#L736 * https://github.com/meaksh/cheroot/blob/107650d/cheroot/server.py#L1352
cherrypy · Aug 12, 2020 · 4f3906f · 4f3906f
2 parents b6edd3a + 5612915
commit 4f3906f
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,3 +1,16 @@
+.. scm-version-title:: v8.4.3
+
+- :pr:`282`: Fixed a race condition happening when an HTTP
+  client attempts to reuse a persistent HTTP connection after
+  it's been discarded on the server in :py:class:`~cheroot.\
+  server.HTTPRequest` but no TCP FIN packet has been receiced
+  yet over the wire -- by :user:`meaksh`.
+
+  This change populates the ``Keep-Alive`` header exposing
+  the timeout value for persistent HTTP/1.1 connections which
+  helps mitigate such race conditions by letting the client
+  know not to reuse the connection after that time interval.
+
 .. scm-version-title:: v8.4.2
 
 - Fixed a significant performance regression introduced in

diff --git a/cheroot/server.py b/cheroot/server.py
@@ -1175,6 +1175,12 @@ def send_headers(self):
                 if not self.close_connection:
                     self.outheaders.append((b'Connection', b'Keep-Alive'))
 
+        if (b'Connection', b'Keep-Alive') in self.outheaders:
+            self.outheaders.append((
+                b'Keep-Alive',
+                u'timeout={}'.format(self.server.timeout).encode('ISO-8859-1'),
+            ))
+
         if (not self.close_connection) and (not self.chunked_read):
             # Read any remaining request body data on the socket.
             # "If an origin server receives a request that does not include an

diff --git a/cheroot/test/test_conn.py b/cheroot/test/test_conn.py
@@ -385,6 +385,11 @@ def test_keepalive(test_client, http_server_protocol):
     assert status_line[4:] == 'OK'
     assert actual_resp_body == pov.encode()
     assert header_has_value('Connection', 'Keep-Alive', actual_headers)
+    assert header_has_value(
+        'Keep-Alive',
+        'timeout={}'.format(test_client.server_instance.timeout),
+        actual_headers,
+    )
 
     # Remove the keep-alive header again.
     status_line, actual_headers, actual_resp_body = test_client.get(
@@ -396,6 +401,7 @@ def test_keepalive(test_client, http_server_protocol):
     assert status_line[4:] == 'OK'
     assert actual_resp_body == pov.encode()
     assert not header_exists('Connection', actual_headers)
+    assert not header_exists('Keep-Alive', actual_headers)
 
     test_client.server_instance.protocol = original_server_protocol
 
@@ -422,8 +428,14 @@ def request(conn, keepalive=True):
         assert actual_resp_body == pov.encode()
         if keepalive:
             assert header_has_value('Connection', 'Keep-Alive', actual_headers)
+            assert header_has_value(
+                'Keep-Alive',
+                'timeout={}'.format(test_client.server_instance.timeout),
+                actual_headers,
+            )
         else:
             assert not header_exists('Connection', actual_headers)
+            assert not header_exists('Keep-Alive', actual_headers)
 
     disconnect_errors = (
         http_client.BadStatusLine,