If the ``trust_env`` flag is set on a session and ``verify`` is ``True``
or ``None``, the environment is checked for ``CURL_CA_BUNDLE`` and
``REQUESTS_CA_BUNDLE``. Before this patch, if neither existed,
``verify`` would always be set to ``None`` rather than ``True`` even if
it was originally ``True``.
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Previously we checked that the `request` being sent was an instance of a
PreparedRequest. If a user somehow created a PreparedRequest using a different
Requests library instance, this check makes the request un-sendable.
(This happened recently - unbeknownst to me, my server was running an outdated
version of pip, vulnerable to this issue - pypa/pip#1489, which creates
multiple subdirectories (src/requests, src/requests/requests) when you rerun
pip install --target. So the PreparedRequest was being created in one version
of the library and compared against the other version of the library, and
throwing this exception, even though they were both PreparedRequest instances!)
It would probably be preferable to check the object's behavior (instead of
its type), but a PreparedRequest has a lot of behavior, and it wouldn't be
really feasible or allow us to provide a helpful error message to check all
of it here. Instead flip the conditional to guard against the user sending an
unprepared Request, which should still give us most of the benefits of the
better error message.
Fixes#3102
I only moved the code into a function, there was no actual change to
the code. I added a few tests to ensure we're doing things correctly.
The real point of me doing this is to make it easier to bring back
`strict_mode` functionality. For you requests youngsters in the crowd,
`strict_mode` followed the spec for redirects meaning the method
wouldn't change to a GET. The current code follows the browser
convention of changing the method to a GET when doing a 302 redirect.
However, lots of servers want you to follow the standards (the nerve!)
so I'd like to override the logic. Now that the method changing logic
is in `rebuild_method`, I can simply override that function instead of
overriding the entire `resolve_redirects` function as suggested by
kennethreitz/requests#1325
Specified the default argument for params that have a default in the docstring
so that the default is easier to see from the code. Modified the docstring in
api.py to match the docstring in sessions.py.
jonathan vanasco
kennethreitz