diff --git a/SOURCES/python-requests-remove-authentication-header-on-redirect.patch b/SOURCES/python-requests-remove-authentication-header-on-redirect.patch
new file mode 100644
index 0000000..0eeb8fc
--- /dev/null
+++ b/SOURCES/python-requests-remove-authentication-header-on-redirect.patch
@@ -0,0 +1,39 @@
+From e8f0b01b5a092ec0dc36994d7331fd5bc21570b8 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Thu, 13 Feb 2014 16:54:15 -0500
+Subject: [PATCH] Remove authentication header on redirect.
+
+Resolves: rhbz#1046629
+---
+ requests/sessions.py | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/requests/sessions.py b/requests/sessions.py
+index d65877c..be1a1c8 100644
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -119,11 +119,20 @@ class SessionRedirectMixin(object):
+ except KeyError:
+ pass
+
++ if 'Authorization' in headers:
++ # If we get redirected to a new host, we should strip out any
++ # authentication headers.
++ original_parsed = urlparse(resp.request.url)
++ redirect_parsed = urlparse(url)
++
++ if (original_parsed.hostname != redirect_parsed.hostname):
++ del headers['Authorization']
++
+ resp = self.request(
+ url=url,
+ method=method,
+ headers=headers,
+- auth=req.auth,
++ auth=None, # Reset authentication data.
+ cookies=req.cookies,
+ allow_redirects=False,
+ stream=stream,
+--
+1.8.3.1
+
diff --git a/SPECS/python-requests.spec b/SPECS/python-requests.spec
index 52991d0..ebdfb76 100644
--- a/SPECS/python-requests.spec
+++ b/SPECS/python-requests.spec
@@ -6,7 +6,7 @@ Name: python-requests
 Version: 1.1.0
-Release: 6%{?dist}
+Release: 8%{?dist}
 Summary: HTTP library, written in Python, for human beings
 License: ASL 2.0
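Review bot: In the embedded requests/sessions.py hunk, the new check strips `Authorization` only when `hostname` differs, so a redirect that stays on the same host but changes scheme (https to http) or port still forwards the credentials, possibly over cleartext. Comparing the whole origin is safer: `if (original_parsed.scheme, original_parsed.hostname, original_parsed.port) != (redirect_parsed.scheme, redirect_parsed.hostname, redirect_parsed.port):`; this also strips the header when only one URL spells out the default port, which fails safe. Separately, `auth=None` only clears the per-request value; if `self.request` falls back to a session-level `auth` when none is passed (not visible here), those credentials would be re-applied to the new host, so that path deserves a regression test. The enclosing redirect method starts and ends outside the hunk.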
@@ -23,6 +23,7 @@ Patch1: python-requests-system-chardet-not-charade.patch
 Patch2: python-requests-system-urllib3.patch
 # Removed bundled packages.
 Patch3: python-requests-remove-bundled-packages.patch
+Patch4: python-requests-remove-authentication-header-on-redirect.patch
 BuildArch: noarch
 BuildRequires: python2-devel
@@ -67,6 +68,7 @@ designed to make HTTP requests easy for developers.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 # Unbundle the certificate bundle from mozilla.
 rm -rf requests/cacert.pem
@@ -120,6 +122,12 @@ popd
 %endif
 %changelog
+* Mon Jan 27 2014 Endi S. Dewata - 1.1.0-8
+- Removed authentication header on redirect.
+
+* Fri Dec 27 2013 Daniel Mach - 1.1.0-7
+- Mass rebuild 2013-12-27
+
 * Fri Oct 4 2013 Endi S. Dewata - 1.1.0-6
 - Removed bundled packages.