Quoted / character in URL becomes unquoted #6446

Closed
nicolasbock opened this issue Apr 25, 2019 · 3 comments
Labels: auto-locked (Outdated issues that have been locked by automation); C: finder (PackageFinder and index related code); type: bug (A confirmed bug or unintended behavior)

Comments

@nicolasbock
Contributor

nicolasbock commented Apr 25, 2019

Quoted / characters in the TOKEN part of URLs of the form https://domain_name.org/TOKEN/package_name/package-version.tar.gz become unquoted. This is incorrect as the unquoted / is interpreted as a path separator.

This issue came out of the discussion on issue #6437, in particular from this comment. @cwharland, please feel free to add more details in case I have missed something.

@cjerdonek added the C: finder and type: bug labels Apr 25, 2019
@cwharland

We ended up solving this on our end by changing the way our private pypi service constructs URLs. We realized that our solution had been accidentally working as the TOKEN was allowed to have / (as AWS provides tokens with that character) so any reasonable URL handler would (and probably should) interpret that as a path separator.

So our use of TOKEN as a path parameter in a REST call was invalid. We fixed it on our end in two steps:

  1. We modified our pip wrapper to produce tokens without a / by hex encoding them
  2. We modified our pypi service to hex decode the path parameter

This was a workaround as we weren't sure if pip supported query params (the better solution) in extra-url.
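The effect reported in this issue and the hex-encoding workaround from the comment above, as an added example that is not part of the original thread and is not pip's code. The token value is constructed, and `normalize` is an assumed model of the reported behaviour (unquote the path, then re-quote it with `/` treated as safe).

```python
from urllib.parse import quote, unquote, urlsplit

# Constructed sample token containing "/" and "+", as base64-style tokens can.
TOKEN = "AbC/dEf+123/xyz="
HOST = "https://domain_name.org"          # host form taken from the issue text
TAIL = "package_name/package-version.tar.gz"


def build_url(token_segment: str) -> str:
    """Place an already-encoded token as the first path segment."""
    return f"{HOST}/{token_segment}/{TAIL}"


def normalize(url: str) -> str:
    """Assumed model of the reported behaviour: the path is unquoted and then
    re-quoted with "/" treated as safe, so %2F comes back as a literal "/"."""
    parts = urlsplit(url)
    return parts._replace(path=quote(unquote(parts.path))).geturl()


def segments(url: str):
    """Split the URL path into its segments as a server-side router would."""
    return urlsplit(url).path.strip("/").split("/")


def hex_encode_token(token: str) -> str:
    """Client side of the workaround: only [0-9a-f] reaches the URL."""
    return token.encode("utf-8").hex()


def hex_decode_token(segment: str) -> str:
    """Server side: reject anything that is not strict lowercase hex."""
    if not segment or len(segment) % 2 or set(segment) - set("0123456789abcdef"):
        raise ValueError("token segment is not valid hex")
    return bytes.fromhex(segment).decode("utf-8")


def demo() -> dict:
    quoted = build_url(quote(TOKEN, safe=""))       # "/" sent as %2F
    hexed = build_url(hex_encode_token(TOKEN))
    return {
        "quoted_before": len(segments(quoted)),              # token is one segment
        "quoted_after": len(segments(normalize(quoted))),    # token split on "/"
        "hex_stable": normalize(hexed) == hexed,
        "round_trip": hex_decode_token(segments(normalize(hexed))[0]) == TOKEN,
    }


if __name__ == "__main__":
    print(demo())
```

Hex encoding changes only how the token is represented, not where it travels: the token is still part of the URL path and will show up wherever request URLs are logged.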

@cjerdonek
Member

@nicolasbock Did you want to work on this?

@uranusjr
Member

I think this can be closed since #7596 fixes the originally reported issue, and #7605 filed as a follow-up.

@lock bot added the auto-locked label Mar 17, 2020
@lock bot locked as resolved and limited conversation to collaborators Mar 17, 2020