Skip to content

Commit 034336c

Browse files
donBarbosdonBarbos
committed
Add suggestions
1 parent f55d340 commit 034336c

File tree

1 file changed

+51
-50
lines changed

1 file changed

+51
-50
lines changed

Doc/library/http.server.rst

Lines changed: 51 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -418,6 +418,56 @@ the current directory::
418418
such as using different index file names by overriding the class attribute
419419
:attr:`index_pages`.
420420

421+
422+
.. class:: CGIHTTPRequestHandler(request, client_address, server)
423+
424+
This class is used to serve either files or output of CGI scripts from the
425+
current directory and below. Note that mapping HTTP hierarchic structure to
426+
local directory structure is exactly as in :class:`SimpleHTTPRequestHandler`.
427+
428+
.. note::
429+
430+
CGI scripts run by the :class:`CGIHTTPRequestHandler` class cannot execute
431+
redirects (HTTP code 302), because code 200 (script output follows) is
432+
sent prior to execution of the CGI script. This pre-empts the status
433+
code.
434+
435+
The class will however, run the CGI script, instead of serving it as a file,
436+
if it guesses it to be a CGI script. Only directory-based CGI are used ---
437+
the other common server configuration is to treat special extensions as
438+
denoting CGI scripts.
439+
440+
The :func:`do_GET` and :func:`do_HEAD` functions are modified to run CGI scripts
441+
and serve the output, instead of serving files, if the request leads to
442+
somewhere below the ``cgi_directories`` path.
443+
444+
The :class:`CGIHTTPRequestHandler` defines the following data member:
445+
446+
.. attribute:: cgi_directories
447+
448+
This defaults to ``['/cgi-bin', '/htbin']`` and describes directories to
449+
treat as containing CGI scripts.
450+
451+
The :class:`CGIHTTPRequestHandler` defines the following method:
452+
453+
.. method:: do_POST()
454+
455+
This method serves the ``'POST'`` request type, only allowed for CGI
456+
scripts. Error 501, "Can only POST to CGI scripts", is output when trying
457+
to POST to a non-CGI url.
458+
459+
Note that CGI scripts will be run with UID of user nobody, for security
460+
reasons. Problems with the CGI script will be translated to error 403.
461+
462+
.. deprecated-removed:: 3.13 3.15
463+
464+
:class:`CGIHTTPRequestHandler` is being removed in 3.15. CGI has not
465+
been considered a good way to do things for well over a decade. This code
466+
has been unmaintained for a while now and sees very little practical use.
467+
Retaining it could lead to further :ref:`security considerations
468+
<http.server-security>`.
469+
470+
421471
.. _http-server-cli:
422472

423473
Command-line interface
@@ -427,7 +477,7 @@ Command-line interface
427477
switch of the interpreter. Similar to
428478
the previous example, this serves files relative to the current directory::
429479

430-
python -m http.server
480+
python -m http.server [OPTIONS] [port]
431481

432482
The following options are accepted:
433483

@@ -493,55 +543,6 @@ The following options are accepted:
493543
to exploitation. Always use within a secure environment.
494544

495545

496-
.. class:: CGIHTTPRequestHandler(request, client_address, server)
497-
498-
This class is used to serve either files or output of CGI scripts from the
499-
current directory and below. Note that mapping HTTP hierarchic structure to
500-
local directory structure is exactly as in :class:`SimpleHTTPRequestHandler`.
501-
502-
.. note::
503-
504-
CGI scripts run by the :class:`CGIHTTPRequestHandler` class cannot execute
505-
redirects (HTTP code 302), because code 200 (script output follows) is
506-
sent prior to execution of the CGI script. This pre-empts the status
507-
code.
508-
509-
The class will however, run the CGI script, instead of serving it as a file,
510-
if it guesses it to be a CGI script. Only directory-based CGI are used ---
511-
the other common server configuration is to treat special extensions as
512-
denoting CGI scripts.
513-
514-
The :func:`do_GET` and :func:`do_HEAD` functions are modified to run CGI scripts
515-
and serve the output, instead of serving files, if the request leads to
516-
somewhere below the ``cgi_directories`` path.
517-
518-
The :class:`CGIHTTPRequestHandler` defines the following data member:
519-
520-
.. attribute:: cgi_directories
521-
522-
This defaults to ``['/cgi-bin', '/htbin']`` and describes directories to
523-
treat as containing CGI scripts.
524-
525-
The :class:`CGIHTTPRequestHandler` defines the following method:
526-
527-
.. method:: do_POST()
528-
529-
This method serves the ``'POST'`` request type, only allowed for CGI
530-
scripts. Error 501, "Can only POST to CGI scripts", is output when trying
531-
to POST to a non-CGI url.
532-
533-
Note that CGI scripts will be run with UID of user nobody, for security
534-
reasons. Problems with the CGI script will be translated to error 403.
535-
536-
.. deprecated-removed:: 3.13 3.15
537-
538-
:class:`CGIHTTPRequestHandler` is being removed in 3.15. CGI has not
539-
been considered a good way to do things for well over a decade. This code
540-
has been unmaintained for a while now and sees very little practical use.
541-
Retaining it could lead to further :ref:`security considerations
542-
<http.server-security>`.
543-
544-
545546
.. _http.server-security:
546547

547548
Security Considerations

0 commit comments

Comments
 (0)