74 lines
2.3 KiB
Diff
74 lines
2.3 KiB
Diff
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
|
|
From: Quentin Pradet <quentin.pradet@gmail.com>
|
|
Date: Mon, 17 Jun 2024 11:09:06 +0400
|
|
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
|
|
|
* Strip Proxy-Authorization header on redirects
|
|
|
|
* Fix test_retry_default_remove_headers_on_redirect
|
|
|
|
* Set release date
|
|
|
|
Conflict:test/with_dummyserver/test_poolmanager.py hsa not been modified
|
|
because it has been deleted in the pre-phase of the spec file
|
|
Reference:https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e
|
|
|
|
---
|
|
CHANGES.rst | 6 ++++++
|
|
src/urllib3/util/retry.py | 4 +++-
|
|
test/test_retry.py | 6 +++++-
|
|
3 files changed, 14 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/CHANGES.rst b/CHANGES.rst
|
|
index 389980f..01ea636 100644
|
|
--- a/CHANGES.rst
|
|
+++ b/CHANGES.rst
|
|
@@ -1,6 +1,12 @@
|
|
Changes
|
|
=======
|
|
|
|
+2.2.2 (2024-06-17)
|
|
+==================
|
|
+
|
|
+- Added the ``Proxy-Authorization`` header to the list of headers to strip from requests when redirecting to a di
|
|
+fferent host. As before, different headers can be set via ``Retry.remove_headers_on_redirect``.
|
|
+
|
|
1.25.9 (2020-04-16)
|
|
-------------------
|
|
|
|
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
|
|
index 20b7f69..b4a2d3d 100644
|
|
--- a/src/urllib3/util/retry.py
|
|
+++ b/src/urllib3/util/retry.py
|
|
@@ -154,7 +154,9 @@ class Retry(object):
|
|
|
|
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
|
|
|
- DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(["Cookie", "Authorization"])
|
|
+ DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(
|
|
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
|
+ )
|
|
|
|
#: Maximum backoff time.
|
|
BACKOFF_MAX = 120
|
|
diff --git a/test/test_retry.py b/test/test_retry.py
|
|
index 1d21511..0c12014 100644
|
|
--- a/test/test_retry.py
|
|
+++ b/test/test_retry.py
|
|
@@ -270,7 +270,11 @@ class TestRetry(object):
|
|
def test_retry_default_remove_headers_on_redirect(self):
|
|
retry = Retry()
|
|
|
|
- assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
|
|
+ assert retry.remove_headers_on_redirect == {
|
|
+ "authorization",
|
|
+ "proxy-authorization",
|
|
+ "cookie",
|
|
+ }
|
|
|
|
def test_retry_set_remove_headers_on_redirect(self):
|
|
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
|
|
--
|
|
2.33.0
|
|
|