History of changes¶
- Drop support for Python 3.4.
- Support Python 3.8.
- Make error messages returned by match failures less ambiguous (#98).
- Allow a broader range of characters in header values. This violates the RFC, but is apparently required for compatibility with real-world code, like Google Analytics cookies (#57, #58).
- Validate incoming and outgoing request paths for invalid characters. This prevents a variety of potential security issues that have affected other HTTP clients. (#69).
- Force status codes to be integers, thereby allowing stdlib HTTPStatus IntEnums to be used when constructing responses (#72).
- Always return headers as
Backwards incompatible changes:
- h11 now performs stricter validation on outgoing header names and header values: illegal characters are now rejected (example: you can’t put a newline into an HTTP header), and header values with leading/trailing whitespace are also rejected (previously h11 would silently discard the whitespace). All these checks were already performed on incoming headers; this just extends that to outgoing headers.
- New method
Connection.send_failed(), to notify a
Connectionobject when data returned from
Connection.send()was not sent.
- Make sure that when computing the framing headers for HEAD responses, we produce the same results as we would for the corresponding GET.
- Error out if a request has multiple Host: headers.
- Send the Host: header first, as recommended by RFC 7230.
- The Expect: header is case-insensitive, so use case-insensitive matching when looking for 100-continue.
- Better error messages in several cases.
- Provide correct
error_status_hintin exception raised when encountering an invalid
- For better compatibility with broken servers, h11 now tolerates responses where the reason phrase is missing (not just empty).
- Various optimizations and documentation improvements.
New features (backwards compatible):
- Made it so that sentinels are instances of themselves, to enable certain dispatch tricks on
the return value of
Connection.next_event()(see issue #8 for discussion).
Data.chunk_endproperties to the
Dataevent. These provide the user information about where chunk delimiters are in the data stream from the remote peer when chunked transfer encoding is in use. You probably shouldn’t use these, but sometimes there’s no alternative (see issue #19 for discussion).
Response.reasonattribute, making it possible to read or set the textual “reason phrase” on responses (issue #13).
This is the first release since we started using h11 to write non-trivial server code, and this experience triggered a number of substantial API changes.
Backwards incompatible changes:
- Split the old
receive_data()into the new
next_event(), and replaced the old
Pausedpseudo-event with the new
- Simplified the API by replacing the old
Connection.server_statewith the new
- Renamed the old
prepare_to_reuse()to the new
- Removed the
Backwards compatible changes:
- State machine: added a
MUST_CLOSEtransition triggered by our peer being in the
RemoteProtocolError(see Error handling). Use case: HTTP servers want to be able to distinguish between an error that originates locally (which produce a 500 status code) versus errors caused by remote misbehavior (which produce a 4xx status code).
- Changed the
python-h11/<version>. (This is similar to what requests uses, and much more searchable than plain h11.)
- Added a minimal benchmark suite, and used it to make a few small optimizations (maybe ~20% speedup?).
- Initial release.