kennethreitz/requests
1
0
Fork 0
mirror of https://github.com/kennethreitz/requests.git synced 2026-06-05 22:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add trusted domains

Browse Source
This commit is contained in:
Jake Treacher
2019-02-15 10:40:24 +08:00
parent c9309e4c59
commit fbe48fbb7c
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
requests/sessions.py
+8 -1
View File
@@ -94,6 +94,10 @@ def merge_hooks(request_hooks, session_hooks, dict_class=OrderedDict):
class SessionRedirectMixin(object):
def __init__(self):
#: A list of domains that will be excluded from auth stripping
self.trusted_domains = []
def get_redirect_target(self, resp):
"""Receives a Response. Returns a redirect URI or ``None``"""
# Due to the nature of how requests processes redirects this method will
@@ -119,7 +123,8 @@ class SessionRedirectMixin(object):
"""Decide whether Authorization header should be removed when redirecting"""
old_parsed = urlparse(old_url)
new_parsed = urlparse(new_url)
if old_parsed.hostname != new_parsed.hostname:
if (old_parsed.hostname != new_parsed.hostname
and new_parsed.hostname not in self.trusted_domains):
return True
# Special case: allow http -> https redirect when using the standard
# ports. This isn't specified by RFC 7235, but is kept to avoid
@@ -417,6 +422,8 @@ class Session(SessionRedirectMixin):
self.mount('https://', HTTPAdapter())
self.mount('http://', HTTPAdapter())
super().__init__()
def __enter__(self):
return self