File urllib3-remove-authorization-header-when-redirecting-cross-host.patch of Package python-urllib3
diff --git a/test/test_retry.py b/test/test_retry.py index 1e87585..bc2393b 100644 --- a/test/test_retry.py +++ b/test/test_retry.py @@ -211,3 +211,13 @@ class RetryTest(unittest.TestCase): except MaxRetryError as e: assert 'Caused by redirect' not in str(e) self.assertEqual(str(e.reason), 'conntimeout') + + def test_retry_default_remove_headers_on_redirect(self): + retry = Retry() + + assert list(retry.remove_headers_on_redirect) == ['Authorization'] + + def test_retry_set_remove_headers_on_redirect(self): + retry = Retry(remove_headers_on_redirect=['X-API-Secret']) + + assert list(retry.remove_headers_on_redirect) == ['X-API-Secret'] diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py index 0f31fa0..05a5f64 100644 --- a/test/with_dummyserver/test_connectionpool.py +++ b/test/with_dummyserver/test_connectionpool.py @@ -14,7 +14,6 @@ except: from urllib import urlencode from .. import ( - requires_network, onlyPy3, onlyPy26OrOlder, TARPIT_HOST, VALID_SOURCE_ADDRESSES, INVALID_SOURCE_ADDRESSES, ) from ..port_helpers import find_unused_port diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py index ab634cb..3c3c4af 100644 --- a/urllib3/connectionpool.py +++ b/urllib3/connectionpool.py @@ -683,7 +683,7 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods): raise return response - log.info("Redirecting %s -> %s", url, redirect_location) + log.debug("Redirecting %s -> %s", url, redirect_location) return self.urlopen( method, redirect_location, body, headers, retries=retries, redirect=redirect, diff --git a/urllib3/poolmanager.py b/urllib3/poolmanager.py index 7ed00b1..48ca1dd 100644 --- a/urllib3/poolmanager.py +++ b/urllib3/poolmanager.py 
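Review bot: The two tests added to `test/test_retry.py` only assert the value of `Retry.remove_headers_on_redirect`; nothing in this patch exercises the stripping itself in `PoolManager.urlopen`. A regression that stops removing the header on a cross-host redirect would still pass both of them. I would add a dummyserver test that follows a redirect to a different host and asserts `Authorization` is absent from the echoed request headers, a same-host case asserting it is kept, and a case where the caller spells the header `authorization`. If such tests exist upstream, they appear to have been left out of this packaged patch.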
@@ -239,8 +239,9 @@ class PoolManager(RequestMethods): kw['assert_same_host'] = False kw['redirect'] = False + if 'headers' not in kw: - kw['headers'] = self.headers + kw['headers'] = self.headers.copy() if self.proxy is not None and u.scheme == "http": response = conn.urlopen(method, url, **kw) @@ -262,6 +263,14 @@ class PoolManager(RequestMethods): if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect) + # Strip headers marked as unsafe to forward to the redirected location. + # Check remove_headers_on_redirect to avoid a potential network call within + # conn.is_same_host() which may use socket.gethostbyname() in the future. + if (retries.remove_headers_on_redirect + and not conn.is_same_host(redirect_location)): + for header in retries.remove_headers_on_redirect: + kw['headers'].pop(header, None) + try: retries = retries.increment(method, url, response=response, _pool=conn) except MaxRetryError: diff --git a/urllib3/util/retry.py b/urllib3/util/retry.py index d379833..46e6949 100644 --- a/urllib3/util/retry.py +++ b/urllib3/util/retry.py 
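Review bot: In the `@@ -239,8 +239,9 @@` hunk of `urllib3/poolmanager.py` only the pool default is copied (`self.headers.copy()`); a `headers` mapping passed in by the caller stays the caller's own object, and the `kw['headers'].pop(header, None)` added in the following hunk then removes `Authorization` from it in place. After one cross-host redirect the caller's dict has silently lost the header for any later request that reuses it. Copying just ahead of the pop loop, e.g. `kw['headers'] = kw['headers'].copy()`, keeps the side effect local to this call; this assumes every accepted headers mapping offers `.copy()`, which should be confirmed. The enclosing `urlopen` starts and ends outside the hunk.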
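Review bot: The strip loop in the `@@ -262,6 +263,14 @@` hunk of `urllib3/poolmanager.py` matches header names case-sensitively: `kw['headers'].pop(header, None)` on a plain dict removes `'Authorization'` but leaves `'authorization'` or `'AUTHORIZATION'` in place, so the credential is still forwarded to the other host when the caller used a different spelling. HTTP header names are case-insensitive, so the comparison should be made on lower-cased names over a snapshot of the keys. The same normalisation could instead be applied once where `Retry.__init__` stores `remove_headers_on_redirect` in `urllib3/util/retry.py`. The enclosing method starts and ends outside the hunk.

```python
if (retries.remove_headers_on_redirect
        and not conn.is_same_host(redirect_location)):
    unsafe = set(h.lower() for h in retries.remove_headers_on_redirect)
    # Snapshot the keys: the mapping is modified while we walk it.
    for header in list(kw['headers']):
        if header.lower() in unsafe:
            kw['headers'].pop(header, None)
# … unchanged: retries.increment(...) and MaxRetryError handling …
```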
@@ -113,18 +113,26 @@ class Retry(object): whether we should raise an exception, or return a response, if status falls in ``status_forcelist`` range and retries have been exhausted. + + :param iterable remove_headers_on_redirect: + Sequence of headers to remove from the request when a response + indicating a redirect is returned before firing off the redirected + request. """ DEFAULT_METHOD_WHITELIST = frozenset([ 'HEAD', 'GET', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']) + DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Authorization']) + #: Maximum backoff time. BACKOFF_MAX = 120 def __init__(self, total=10, connect=None, read=None, redirect=None, method_whitelist=DEFAULT_METHOD_WHITELIST, status_forcelist=None, backoff_factor=0, raise_on_redirect=True, raise_on_status=True, - _observed_errors=0): + _observed_errors=0, + remove_headers_on_redirect=DEFAULT_REDIRECT_HEADERS_BLACKLIST): self.total = total self.connect = connect @@ -141,6 +149,7 @@ class Retry(object): self.raise_on_redirect = raise_on_redirect self.raise_on_status = raise_on_status self._observed_errors = _observed_errors # TODO: use .history instead? + self.remove_headers_on_redirect = remove_headers_on_redirect def new(self, **kw): params = dict( @@ -152,6 +161,7 @@ class Retry(object): raise_on_redirect=self.raise_on_redirect, raise_on_status=self.raise_on_status, _observed_errors=self._observed_errors, + remove_headers_on_redirect=self.remove_headers_on_redirect ) params.update(kw) return type(self)(**params)
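Review bot: The new `:param iterable remove_headers_on_redirect:` docstring in the `@@ -113,18 +113,26 @@` hunk of `urllib3/util/retry.py` leaves out what a caller needs to know: the headers are dropped only when the redirect goes to a different host (the `conn.is_same_host` check in `poolmanager.py`), the default is `['Authorization']` only, and passing a value replaces that default rather than extending it. I would add `Defaults to ['Authorization']; headers are removed only when the redirect target is a different host. A custom value replaces the default, so list 'Authorization' again if it should still be stripped.` Callers that carry credentials in other headers (session cookies, API-key headers) get no protection unless they name them here. The value is also stored as given in the `@@ -141,6 +149,7 @@` hunk, so a bare string such as `'Authorization'` would be iterated character by character by the strip loop; a short type note in the docstring would cover that.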