Issue 22946: urllib gives incorrect url after open when using HTTPS (original) (raw)

Created on 2014-11-26 10:37 by John.McKay, last changed 2022-04-11 14:58 by admin.

Messages (6)
msg231702 - (view)	Author: John McKay (John.McKay) *	Date: 2014-11-26 10:37
After getting a sucessfull response, _open_generic_http will overwrite the the start of the url to be http: regardless of if it was called from open_http() or open_https(). This causes it to appear as if you were redirected to a non-secure site if you check the url properly after an open request. This is especially problematic after being redirected; it appears you were redirected to an insecure version of the site. Attached is a patch to resolve this. It uses the type, which should be correctly set to http or https based on the calling context.
msg231720 - (view)	Author: Benjamin Peterson (benjamin.peterson) *	Date: 2014-11-26 16:11
Thank you for the patch. It would be nice to have a test, too.
msg232203 - (view)	Author: Demian Brecht (demian.brecht) *	Date: 2014-12-05 18:36
+1 to the addition of a test. Also, I know it's only related, but it might be nice to also have this fixed in http_error_default: https://hg.python.org/cpython/file/021c1df36910/Lib/urllib/request.py#l2003.
msg232204 - (view)	Author: John McKay (John.McKay) *	Date: 2014-12-05 18:50
For the test can I assume that we have the openssl binary in the path? The other tests just use a static response to emulate the server, but without being able to use s_client it would be quite a bit more effort to fake a working HTTP server with TLS so that it can be tested properly.
msg232205 - (view)	Author: Benjamin Peterson (benjamin.peterson) *	Date: 2014-12-05 19:52
We have a testing HTTPS server in Lib/test/ssl_servers.py.
msg310535 - (view)	Author: Cheryl Sabella (cheryl.sabella) *	Date: 2018-01-23 22:50
@John.McKay, would you be interested in converting your patch to a Github pull request on the master branch?