-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix handling of redirects with authentication #9443
base: master
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #9443 +/- ##
=======================================
Coverage 98.59% 98.59%
=======================================
Files 105 105
Lines 35097 35121 +24
Branches 4179 4181 +2
=======================================
+ Hits 34604 34628 +24
Misses 329 329
Partials 164 164
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
9b8f85d
to
f21bc20
Compare
f21bc20
to
b03ff80
Compare
b03ff80
to
549279a
Compare
386ff99
to
fcf5292
Compare
@webknjaz Is anything still required on my end to get this merged? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is anything still required on my end to get this merged?
All's good on my side. It'd be nice to have a docstring in the test function, but that's minor. I'll let somebody else merge, though.
fcf5292
to
6e73a2f
Compare
6e73a2f
to
be3fea9
Compare
That proxy test is flakey. I restarted the CI. I'm just about to walk out the door though so will check it when I get back home |
If everything passes, I'll throw it on production and make sure there aren't any unexpected side effects as soon as I have some spare cycles |
What do these changes do?
They make the client ignore auth clashes that are solely due to redirects, in addition to having redirect authentication take precedence over previously set authentication.
Are there changes in behavior for the user?
Users will no longer get a
ValueError
if a website suddenly includes multiple authenticated URLs in its redirect chain (see #9436 for an example).While writing the test, I also wondered what should happen if we already have authentication set and get new authentication in a redirect URL. Mimicking what Chrome seems to be doing in this case, I opted to supersede the auth with that of the redirect. We can of course discuss this and tweak it if needed. I'm also on the fence on whether this warrants a separate PR, so I bundled it for now.
Is it a substantial burden for the maintainers to support this?
Probably not.
Related issue number
Fixes #9436
Checklist
CONTRIBUTORS.txt
CHANGES/
foldername it
<issue_or_pr_num>.<type>.rst
(e.g.588.bugfix.rst
)if you don't have an issue number, change it to the pull request
number after creating the PR
.bugfix
: A bug fix for something the maintainers deemed animproper undesired behavior that got corrected to match
pre-agreed expectations.
.feature
: A new behavior, public APIs. That sort of stuff..deprecation
: A declaration of future API removals and breakingchanges in behavior.
.breaking
: When something public is removed in a breaking way.Could be deprecated in an earlier release.
.doc
: Notable updates to the documentation structure or buildprocess.
.packaging
: Notes for downstreams about unobvious side effectsand tooling. Changes in the test invocation considerations and
runtime assumptions.
.contrib
: Stuff that affects the contributor experience. e.g.Running tests, building the docs, setting up the development
environment.
.misc
: Changes that are hard to assign to any of the abovecategories.
Make sure to use full sentences with correct case and punctuation,
for example:
Use the past tense or the present tense a non-imperative mood,
referring to what's changed compared to the last released version
of this project.