Run iri_to_uri on header values (#11439)

* Run iri_to_uri on header values

This fixes #11403

* Escape in the right place

* Remove _convert_to_charset logic and fix test

Author: ericholscher

readthedocs/proxito/middleware.py

@@ -15,10 +15,10 @@
 )
 from django.conf import settings
 from django.core.exceptions import SuspiciousOperation
-from django.http.response import BadHeaderError, ResponseHeaders
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.deprecation import MiddlewareMixin
+from django.utils.encoding import iri_to_uri
 from django.utils.html import escape
 
 from readthedocs.builds.models import Version
@@ -373,23 +373,9 @@ def _get_https_redirect(self, request):
     def add_resolver_headers(self, request, response):
         if request.unresolved_url is not None:
             # TODO: add more ``X-RTD-Resolver-*`` headers
-            header_value = escape(request.unresolved_url.filename)
-            try:
-                # Use Django internals to validate the header's value before injecting it.
-                ResponseHeaders({})._convert_to_charset(
-                    header_value,
-                    "latin-1",
-                    mime_encode=True,
-                )
-
-                response["X-RTD-Resolver-Filename"] = header_value
-            except BadHeaderError:
-                # Skip adding the header because it fails validation
-                log.info(
-                    "Skip adding X-RTD-Resolver-Filename header due to invalid value.",
-                    filename=request.unresolved_url.filename,
-                    value=header_value,
-                )
+            uri_filename = iri_to_uri(request.unresolved_url.filename)
+            header_value = escape(uri_filename)
+            response["X-RTD-Resolver-Filename"] = header_value
 
     def process_response(self, request, response):  # noqa
         self.add_proxito_headers(request, response)

readthedocs/proxito/tests/test_headers.py

@@ -75,6 +75,29 @@ def test_serve_headers_with_path(self):
             "/proxito/media/html/project/latest/guides/jupyter/gallery.html",
         )
 
+    # refs https://read-the-docs.sentry.io/issues/5019718893/
+    def test_serve_headers_with_unicode(self):
+        r = self.client.get(
+            "/en/latest/tutorial_1installation.htmlReview%20of%20Failures%20of%0BReview%20of%20Failures%20of%0BPhotovoltaic%20Moduleshotovoltaic%20Modules",
+            secure=True,
+            headers={"host": "project.dev.readthedocs.io"},
+        )
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(r["Cache-Tag"], "project,project:latest")
+        self.assertEqual(r["X-RTD-Domain"], "project.dev.readthedocs.io")
+        self.assertEqual(r["X-RTD-Project"], "project")
+        self.assertEqual(r["X-RTD-Project-Method"], "public_domain")
+        self.assertEqual(r["X-RTD-Version"], "latest")
+        self.assertEqual(r["X-RTD-version-Method"], "path")
+        self.assertEqual(
+            r["X-RTD-Resolver-Filename"],
+            "/tutorial_1installation.htmlReview%20of%20Failures%20of%0BReview%20of%20Failures%20of%0BPhotovoltaic%20Moduleshotovoltaic%20Modules",
+        )
+        self.assertEqual(
+            r["X-RTD-Path"],
+            "/proxito/media/html/project/latest/tutorial_1installation.htmlReview%20of%20Failures%20of%0BReview%20of%20Failures%20of%0BPhotovoltaic%20Moduleshotovoltaic%20Modules",
+        )
+
     def test_subproject_serve_headers(self):
         r = self.client.get(
             "/projects/subproject/en/latest/",

readthedocs/proxito/tests/test_old_redirects.py

@@ -1397,7 +1397,6 @@ def test_redirect_exact_with_wildcard_crossdomain(self):
             r = self.client.get(url, headers={"host": "project.dev.readthedocs.io"})
             self.assertEqual(r.status_code, 302, url)
             self.assertEqual(r["Location"], expected_location, url)
-            self.assertNotIn("X-RTD-Resolver-Filename", r.headers)
 
     def test_redirect_html_to_clean_url_crossdomain(self):
         """