trust_x_headers is not actually applied

[jhnstrk]

The argument trust_x_headers to create_form_parser is currently not applied.

It should be either applied as documented or removed. Currently the argument is never used outside the function definition, and the code behaves as if it is always True, since X-File-Name is always read.

[defnull]

Hmm the X-File-Name header is always used as you say, the trust_x_headers parameter has no effect. That's a bug.

But what surprises me even more is the fact that it's only used in case of an application/octet-stream requests. Why is there an OctetStreamParser in a form parser library to begin with? This special case seems odd, octet streams are just raw data and do not need any parsing. I wonder what the idea was, 11 years ago. I guess some non-standard file upload convention?