Blame SOURCES/python-requests-remove-authentication-header-on-redirect.patch
|
|
4100f1 |
From e8f0b01b5a092ec0dc36994d7331fd5bc21570b8 Mon Sep 17 00:00:00 2001
|
|
|
4100f1 |
From: "Endi S. Dewata" <edewata@redhat.com>
|
|
|
4100f1 |
Date: Thu, 13 Feb 2014 16:54:15 -0500
|
|
|
4100f1 |
Subject: [PATCH] Remove authentication header on redirect.
|
|
|
4100f1 |
|
|
|
4100f1 |
Resolves: rhbz#1046629
|
|
|
4100f1 |
---
|
|
|
4100f1 |
requests/sessions.py | 11 ++++++++++-
|
|
|
4100f1 |
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
|
4100f1 |
|
|
|
4100f1 |
diff --git a/requests/sessions.py b/requests/sessions.py
|
|
|
4100f1 |
index d65877c..be1a1c8 100644
|
|
|
4100f1 |
--- a/requests/sessions.py
|
|
|
4100f1 |
+++ b/requests/sessions.py
|
|
|
4100f1 |
@@ -119,11 +119,20 @@ class SessionRedirectMixin(object):
|
|
|
4100f1 |
except KeyError:
|
|
|
4100f1 |
pass
|
|
|
4100f1 |
|
|
|
4100f1 |
+ if 'Authorization' in headers:
|
|
|
4100f1 |
+ # If we get redirected to a new host, we should strip out any
|
|
|
4100f1 |
+ # authentication headers.
|
|
|
4100f1 |
+ original_parsed = urlparse(resp.request.url)
|
|
|
4100f1 |
+ redirect_parsed = urlparse(url)
|
|
|
4100f1 |
+
|
|
|
4100f1 |
+ if (original_parsed.hostname != redirect_parsed.hostname):
|
|
|
4100f1 |
+ del headers['Authorization']
|
|
|
4100f1 |
+
|
|
|
4100f1 |
resp = self.request(
|
|
|
4100f1 |
url=url,
|
|
|
4100f1 |
method=method,
|
|
|
4100f1 |
headers=headers,
|
|
|
4100f1 |
- auth=req.auth,
|
|
|
4100f1 |
+ auth=None, # Reset authentication data.
|
|
|
4100f1 |
cookies=req.cookies,
|
|
|
4100f1 |
allow_redirects=False,
|
|
|
4100f1 |
stream=stream,
|
|
|
4100f1 |
--
|
|
|
4100f1 |
1.8.3.1
|
|
|
4100f1 |
|