Previously we checked that the `request` being sent was an instance of a
PreparedRequest. If a user somehow created a PreparedRequest using a different
Requests library instance, this check makes the request un-sendable.
(This happened recently - unbeknownst to me, my server was running an outdated
version of pip, vulnerable to this issue - pypa/pip#1489, which creates
multiple subdirectories (src/requests, src/requests/requests) when you rerun
pip install --target. So the PreparedRequest was being created in one version
of the library and compared against the other version of the library, and
throwing this exception, even though they were both PreparedRequest instances!)
It would probably be preferable to check the object's behavior (instead of
its type), but a PreparedRequest has a lot of behavior, and it wouldn't be
really feasible or allow us to provide a helpful error message to check all
of it here. Instead flip the conditional to guard against the user sending an
unprepared Request, which should still give us most of the benefits of the
better error message.
Fixes#3102
I only moved the code into a function, there was no actual change to
the code. I added a few tests to ensure we're doing things correctly.
The real point of me doing this is to make it easier to bring back
`strict_mode` functionality. For you requests youngsters in the crowd,
`strict_mode` followed the spec for redirects meaning the method
wouldn't change to a GET. The current code follows the browser
convention of changing the method to a GET when doing a 302 redirect.
However, lots of servers want you to follow the standards (the nerve!)
so I'd like to override the logic. Now that the method changing logic
is in `rebuild_method`, I can simply override that function instead of
overriding the entire `resolve_redirects` function as suggested by
kennethreitz/requests#1325
Specified the default argument for params that have a default in the docstring
so that the default is easier to see from the code. Modified the docstring in
api.py to match the docstring in sessions.py.
It is not clear that :param verify defaults to True. The way the verify
portion of the docstring is written it looks like it defaults to False, and
you have to pass in True if you'd like the SSL cert to be verified, but the
opposite is the case.
RecentlyUsedContainers are threadsafe so they require a lock and as such
cannot be serialized with pickle directly. To handle it, we need to
convert it to a dictionary first and then back when deserializing.
Fixes#2345
This prevents a case where we make a request to URL A, which 301s to B which
would then 301 back to A. Alternatively, for less simple schemes, this will
also prevent us from getting stuck in a loop, e.g., it will prevent the
following from causing an endless loop:
A -> B -> C -> D -> E -> F --
^ \
| /
---<------------<----------<-
Cory Benfield
kennethreitz