| 186 | |
| 187 | |
| 188 | def create(req, sock, client, server, cfg): |
| 189 | resp = Response(req, sock, cfg) |
| 190 | |
| 191 | # set initial environ |
| 192 | environ = default_environ(req, sock, cfg) |
| 193 | |
| 194 | # default variables |
| 195 | host = None |
| 196 | script_name = os.environ.get("SCRIPT_NAME", "") |
| 197 | |
| 198 | if req._expected_100_continue: |
| 199 | sock.send(b"HTTP/1.1 100 Continue\r\n\r\n") |
| 200 | # rfc9112: Expect MUST be forwarded if the request is forwarded |
| 201 | # N.B. gunicorn just sends at most one - application might send another |
| 202 | |
| 203 | # add the headers to the environ |
| 204 | for hdr_name, hdr_value in req.headers: |
| 205 | if hdr_name == 'HOST': |
| 206 | host = hdr_value |
| 207 | elif hdr_name == "SCRIPT_NAME": |
| 208 | script_name = hdr_value |
| 209 | elif hdr_name == "CONTENT-TYPE": |
| 210 | environ['CONTENT_TYPE'] = hdr_value |
| 211 | continue |
| 212 | elif hdr_name == "CONTENT-LENGTH": |
| 213 | environ['CONTENT_LENGTH'] = hdr_value |
| 214 | continue |
| 215 | |
| 216 | # do not change lightly, this is a common source of security problems |
| 217 | # RFC9110 Section 17.10 discourages ambiguous or incomplete mappings |
| 218 | key = 'HTTP_' + hdr_name.replace('-', '_') |
| 219 | if key in environ: |
| 220 | hdr_value = "%s,%s" % (environ[key], hdr_value) |
| 221 | environ[key] = hdr_value |
| 222 | |
| 223 | # set the url scheme |
| 224 | environ['wsgi.url_scheme'] = req.scheme |
| 225 | |
| 226 | # set the REMOTE_* keys in environ |
| 227 | # authors should be aware that REMOTE_HOST and REMOTE_ADDR |
| 228 | # may not qualify the remote addr: |
| 229 | # http://www.ietf.org/rfc/rfc3875 |
| 230 | if isinstance(client, str): |
| 231 | environ['REMOTE_ADDR'] = client |
| 232 | elif isinstance(client, bytes): |
| 233 | environ['REMOTE_ADDR'] = client.decode() |
| 234 | else: |
| 235 | environ['REMOTE_ADDR'] = client[0] |
| 236 | environ['REMOTE_PORT'] = str(client[1]) |
| 237 | |
| 238 | # handle the SERVER_* |
| 239 | # Normally only the application should use the Host header but since the |
| 240 | # WSGI spec doesn't support unix sockets, we are using it to create |
| 241 | # viable SERVER_* if possible. |
| 242 | if isinstance(server, str): |
| 243 | server = server.split(":") |
| 244 | if len(server) == 1: |
| 245 | # unix socket |