development server discards header keys with underscores (#2622)

pallets · Mar 17, 2023 · 36cea62 · 36cea62
2 parents 77c420b + 5ee439a
commit 36cea62
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -71,6 +71,8 @@ Unreleased
     request stream up to 10GB or 1000 reads. This allows clients to see a 413 error if
     ``max_content_length`` is exceeded, instead of a "connection reset" failure.
     :pr:`2620`
+-   The development server discards header keys that contain underscores ``_``, as they
+    are ambiguous with dashes ``-`` in WSGI. :pr:`2621`
 
 
 Version 2.2.3

diff --git a/src/werkzeug/serving.py b/src/werkzeug/serving.py
@@ -202,6 +202,9 @@ def make_environ(self) -> "WSGIEnvironment":
         }
 
         for key, value in self.headers.items():
+            if "_" in key:
+                continue
+
             key = key.upper().replace("-", "_")
             value = value.replace("\r\n", "")
             if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):