Bruce Merry 3331e2aecd Strip Authorization header whenever root URL changes ...

Previously the header was stripped only if the hostname changed, but in
an https -> http redirect that can leak the credentials on the wire
(#4716). Based on with RFC 7235 section 2.2, the header is now stripped
if the "canonical root URL" (scheme+authority) has changed, by checking
scheme, hostname and port.

2018-09-14 10:44:43 +02:00

..

testserver

little modification in consume_socket_content

2016-10-21 16:55:58 +08:00

__init__.py

fix __init__.py

2017-05-26 22:53:28 -04:00

compat.py

making module docstrings and coding comments consistent

2016-07-19 14:51:14 -06:00

conftest.py

making module docstrings and coding comments consistent

2016-07-19 14:51:14 -06:00

test_help.py

Add idna version info to requests.help

2017-07-27 21:33:42 +01:00

test_hooks.py

making module docstrings and coding comments consistent

2016-07-19 14:51:14 -06:00

test_lowlevel.py

Fix a typo in a test docstring

2018-09-13 06:26:59 +01:00

test_packages.py

Fix requests.packages not having package attributes

2017-05-29 17:27:10 -04:00

test_requests.py

Strip Authorization header whenever root URL changes

2018-09-14 10:44:43 +02:00

test_structures.py

revert 8e6e47af and c121b98c

2017-05-04 07:46:59 +02:00

test_testserver.py

skip for now

2017-05-28 13:05:09 -04:00

test_utils.py

Fix assumed hostname when using a 'file' URI scheme adapter

2018-08-13 11:28:35 -05:00

utils.py

making module docstrings and coding comments consistent

2016-07-19 14:51:14 -06:00