Bruce Merry 3331e2aecd Strip Authorization header whenever root URL changes ...

Previously the header was stripped only if the hostname changed, but in
an https -> http redirect that can leak the credentials on the wire
(#4716). Based on with RFC 7235 section 2.2, the header is now stripped
if the "canonical root URL" (scheme+authority) has changed, by checking
scheme, hostname and port.

2018-09-14 10:44:43 +02:00

..

__init__.py

v2.19.0

2018-06-12 07:38:10 -07:00

__version__.py

v2.19.1

2018-06-14 06:26:27 -07:00

_internal_utils.py

adding unicode_is_ascii utility function

2016-11-21 08:22:41 -07:00

adapters.py

Misspelled 'proxy' parameter in docstring

2018-06-26 14:58:18 -04:00

api.py

Document that 'params' can also be a list of tuples

2018-07-17 18:55:55 +02:00

auth.py

for RFC-7616 add SHA-256 and SHA-512

2017-11-08 18:32:59 -07:00

certs.py

cleanup certs.py

2017-05-26 23:02:55 -04:00

compat.py

Separate collections from collections.abc

2018-06-11 22:14:59 -07:00

cookies.py

Add return type on cookies.py

2018-08-01 17:21:03 +09:00

exceptions.py

Check if host is invalid for proxy

2017-11-15 08:58:54 -05:00

help.py

Remove remaining references to removed, vendored packages (#4499)

2018-02-17 08:15:54 -06:00

hooks.py

Merge pull request #3429 from nateprewitt/docstring_cleanup

2016-07-20 18:38:38 -04:00

models.py

Document that 'params' can also be a list of tuples

2018-07-17 18:55:55 +02:00

packages.py

Fix requests.packages not having package attributes

2017-05-29 17:27:10 -04:00

sessions.py

Strip Authorization header whenever root URL changes

2018-09-14 10:44:43 +02:00

status_codes.py

Fix an invalid escape sequence

2018-07-09 01:10:00 +08:00

structures.py

Separate collections from collections.abc

2018-06-11 22:14:59 -07:00

utils.py

Fix assumed hostname when using a 'file' URI scheme adapter

2018-08-13 11:28:35 -05:00