This also adds certificates for testing purposes and files to make it
easy to generate/regenerate them.
This also replaces an existing test of how we utilize our pool manager
such that we don't connect to badssl.com
Finally, this adds additional context parameters for our pool manager to
account for mTLS certificates used by clients to authenticate to a
server.
Previously, if someone made a request with `verify=False` then made a
request where they expected verification to be enabled to the same host,
they would potentially reuse a connection where TLS had not been
verified.
This fixes that issue.
requests.exceptions.JSONDecodeError are not deserializable: calling
`pickle.dumps` followed by `pickle.loads` will trigger an error.
This is particularly a problem in a process pool, as an attempt to
decode json on an invalid json document will result in the entire
process pool crashing.
This is due to the MRO of the `requests.exceptions.JSONDecodeError`
class: the `__reduce__` method called when pickling an instance is not
the one from the JSON library parent: two out of three args expected
for instantiation will be dropped, and the instance can't be
deserialised.
By specifying in the class which parent `__reduce__` method should be
called, the bug is fixed as all args are carried over in the resulting
pickled bytes.
There are two tests here. One demonstrating existing, correct
behavior for `data=bytes`, and another, failing, test for the case
where `data=string` and the string contains multi-byte UTF-8.
pytest-httpbin<1.0 ships with a server certificate with a commonName but
no subjectAltName. urllib3 2.0 will stop supporting those in the future,
so we want to upgrade pytest-httpbin.
Unfortunately, `test_https_warnings` was relying on this broken
certificate. With this change, we use `trustme` to create a broken
certificate specifically for this test, so that we can upgrade
pytest-httpbin and make sure that other tests relying on httpbin TLS
support will continue to work with urllib3 2.0.
* disallow nan values in json serialize
* test nan value in json post
* added exception for invalid json in request
* use invalid json exception
* invalid json test
The shim is the same on both Python 2 & 3. It is always
collections.OrderedDict. Avoid the indirection and import from Python
stdlib instead.
Keep requests.compat.OrderedDict for backwards compatibility. Some
packages import this.
Previously the header was stripped only if the hostname changed, but in
an https -> http redirect that can leak the credentials on the wire
(#4716). Based on with RFC 7235 section 2.2, the header is now stripped
if the "canonical root URL" (scheme+authority) has changed, by checking
scheme, hostname and port.
>>> from requests import post
>>> r = post("https://example.com", files={"file-name": None})
However, when a param value or json field is None they are not included in the request body.
>>> from requests import get
>>> r = get("https://example.com", params={"file-name": None})
>>> r.request.url
This commit makes the beahviour consistent for files.
According to RFC3986, the authority section can be empty for a given URL,
however, for a proxy URL, it shouldn't be. This patch adds a check to verify
that the parsed URL will have a valid host before creating the proxy manager.
Fixes#4353
Ian Stapleton Cordasco
kennethreitz