Skip to content

Commit

Permalink
Merge pull request from GHSA-j8r2-6x86-q33q
Browse files Browse the repository at this point in the history
  • Loading branch information
nateprewitt authored May 22, 2023
1 parent 3022253 commit 74ea7cf
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 1 deletion.
4 changes: 3 additions & 1 deletion requests/sessions.py
Original file line number Diff line number Diff line change
Expand Up @@ -324,7 +324,9 @@ def rebuild_proxies(self, prepared_request, proxies):
except KeyError:
username, password = None, None

if username and password:
# urllib3 handles proxy authorization for us in the standard adapter.
# Avoid appending this to TLS tunneled requests where it may be leaked.
if not scheme.startswith('https') and username and password:
headers["Proxy-Authorization"] = _basic_auth_str(username, password)

return new_proxies
Expand Down
20 changes: 20 additions & 0 deletions tests/test_requests.py
Original file line number Diff line number Diff line change
Expand Up @@ -647,6 +647,26 @@ def test_proxy_authorization_preserved_on_request(self, httpbin):

assert sent_headers.get("Proxy-Authorization") == proxy_auth_value


@pytest.mark.parametrize(
"url,has_proxy_auth",
(
('http://example.com', True),
('https://example.com', False),
),
)
def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth):
session = requests.Session()
proxies = {
'http': 'http://test:pass@localhost:8080',
'https': 'http://test:pass@localhost:8090',
}
req = requests.Request('GET', url)
prep = req.prepare()
session.rebuild_proxies(prep, proxies)

assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth

def test_basicauth_with_netrc(self, httpbin):
auth = ("user", "pass")
wrong_auth = ("wronguser", "wrongpass")
Expand Down

0 comments on commit 74ea7cf

Please sign in to comment.