Description
Once request.url is referenced it tries to utf-8 decode. if there are bad continuation bytes this causes an error.
I would think pyramid should test this prior to any request being processed and probably should have a high level callback for bad requests that would result 400/401 type responses.
a/CPX_210929101749/0%DE~%C7%1FY
The above URL should trigger the issue with even a basic hello world app. Might have to change the path a bit.
I can't find any workaround in python. Might be able to use nginx/WAF etc to block prior to hitting the application. If these get through we just throw a 404, but the tween OTEL is using is too low level to workaround.
The fix would probably be to wrap in a try/except on reference to request.url. if you get an error you should handle like an excluded url.