Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Swap auth/redirects ordering #1267

Merged
merged 3 commits into from
Sep 10, 2020
Merged

Swap auth/redirects ordering #1267

merged 3 commits into from
Sep 10, 2020

Conversation

tomchristie
Copy link
Member

Internal refactoring to swap the order in which we handle auth/redirects.

Needed because request event hooks ought to be triggered after any initial authentication is applied to the request, but should not re-occur after redirects.

The flow also just generally makes more sense to be now:

Create the request -> Apply any authentication -> Follow any redirects -> Send the request to the network

For the sake of reviews I haven't re-ordered the methods, but I'll issue a follow-up PR to this which will swap them around so that the code ordering follows the execution flow.

@tomchristie tomchristie added the refactor Issues and PRs related to code refactoring label Sep 7, 2020
@tomchristie
Copy link
Member Author

Actually this is more that just a "refactor" - it's actually a bug fix.

For example... currently we strip any Authorization header on cross-domain redirects, so that if we get redirected off-site, we don't blindly trust the new origin with our auth credentials.

However, we're not doing the same behaviour if auth=(<user>, <pass>) or auth=httpx.BasicAuth(...) is used. This PR now includes a test case that is failing against master, but is not failing here.

@tomchristie tomchristie added bug Something isn't working and removed refactor Issues and PRs related to code refactoring labels Sep 9, 2020
florimondmanca
florimondmanca approved these changes Sep 9, 2020
View reviewed changes
Copy link
Member

@florimondmanca florimondmanca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that makes total sense after thinking it through!

@tomchristie tomchristie merged commit 4d950e5 into master Sep 10, 2020
@tomchristie tomchristie deleted the swap-auth-and-redirects branch September 10, 2020 08:12
This was referenced Sep 10, 2020
Merged
Merged
@tomchristie tomchristie mentioned this pull request Sep 21, 2020
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@florimondmanca florimondmanca florimondmanca approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tomchristie @florimondmanca