[Python-modules-team] Bug#699844: requests mis-treats 303 responses due to a typo
Daniele Tricoli
eriol at mornie.org
Tue Feb 19 01:57:36 UTC 2013
severity 699844 important
thanks
On Saturday 16 February 2013 18:52:21 Daniele Tricoli wrote:
> I will investigate better this.
I have patched httpbin[¹] to accept POST on status codes and I tested more.
>>> import requests
>>> requests.__version__
'0.12.1'
>>> r = requests.post('http://localhost:5000/status/303')
>>> r.history
[<Response [303]>, <Response [302]>]
>>> r.history[1].url
u'http://localhost:5000/redirect/1'
>>> r.text
u'{\n "url": "http://localhost:5000/get",\n "headers": {\n "Host":
"localhost:5000",\n "Accept-Encoding": "identity, deflate, compress,
gzip",\n "Accept": "*/*",\n "User-Agent": "python-requests/0.12.1"\n
},\n "args": {},\n "origin": "127.0.0.1"\n}'
>>> r.url
u'http://localhost:5000/get'
httpbin give this:
127.0.0.1 - - [2013-02-19 02:17:02] "POST /status/303 HTTP/1.1" 303 126
0.001139
127.0.0.1 - - [2013-02-19 02:17:02] "GET /redirect/1 HTTP/1.1" 302 372
0.000594
127.0.0.1 - - [2013-02-19 02:17:02] "GET /get HTTP/1.1" 200 362 0.000809
So it seems fine, but... this is not the complete story.
Using strict_mode make requests fail:
>>> r = requests.post('http://localhost:5000/status/303',
config={'strict_mode': True})
>>> r.url
u'http://localhost:5000/redirect/1'
>>> r.text
u'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">\n<title>405
Method Not Allowed</title>\n<h1>Method Not Allowed</h1>\n<p>The method POST
is not allowed for the requested URL.</p>\n'
N.B. POST to http://localhost:5000/redirect/1 is not allowed.
From httpbin:
127.0.0.1 - - [2013-02-19 02:39:21] "POST /status/303 HTTP/1.1" 303 126
0.000511
127.0.0.1 - - [2013-02-19 02:39:21] "POST /redirect/1 HTTP/1.1" 405 328
0.000639
The code involved is this (inside models.py):
if r.status_code is codes.see_other:
method = 'GET'
data = None
files = None
else:
method = self.method
When not using strict_mode it works because of this (again in models.py):
if (r.status_code == 303) and self.method != 'HEAD':
method = 'GET'
data = None
files = None
The bug affects also requests 0.12.1 so I'm rasing this again. Thanks to
both, Paul and Jakub! I'm going to fix this now and then I will ask for a
freeze exception.
@Paul: thanks for offering to sponsor me, but I will ask before to my
regular sponsor.
Kind regards,
[¹] https://github.com/kennethreitz/httpbin
--
Daniele Tricoli 'Eriol'
http://mornie.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20130219/333198ad/attachment-0001.pgp>
More information about the Python-modules-team
mailing list