summaryrefslogtreecommitdiff
path: root/test/with_dummyserver/test_poolmanager.py
diff options
context:
space:
mode:
authorSeth Michael Larson <sethmichaellarson@gmail.com>2019-04-17 12:46:22 -0500
committerAndrey Petrov <andrey.petrov@shazow.net>2019-04-17 13:46:22 -0400
commit1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1 (patch)
tree34f0dfde40af4843d35aadbd03b4f18b149baf94 /test/with_dummyserver/test_poolmanager.py
parenta6ec68a5c5c5743c59fe5c62c635c929586c429b (diff)
downloadurllib3-release.tar.gz
Release 1.24.2 (#1564)1.24.2release
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified. * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
Diffstat (limited to 'test/with_dummyserver/test_poolmanager.py')
-rw-r--r--test/with_dummyserver/test_poolmanager.py26
1 files changed, 26 insertions, 0 deletions
diff --git a/test/with_dummyserver/test_poolmanager.py b/test/with_dummyserver/test_poolmanager.py
index 2a13722c..3c1eef8d 100644
--- a/test/with_dummyserver/test_poolmanager.py
+++ b/test/with_dummyserver/test_poolmanager.py
@@ -123,6 +123,17 @@ class TestPoolManager(HTTPDummyServerTestCase):
self.assertNotIn('Authorization', data)
+ r = http.request('GET', '%s/redirect' % self.base_url,
+ fields={'target': '%s/headers' % self.base_url_alt},
+ headers={'authorization': 'foo'})
+
+ self.assertEqual(r.status, 200)
+
+ data = json.loads(r.data.decode('utf-8'))
+
+ self.assertNotIn('authorization', data)
+ self.assertNotIn('Authorization', data)
+
def test_redirect_cross_host_no_remove_headers(self):
http = PoolManager()
self.addCleanup(http.clear)
@@ -155,6 +166,21 @@ class TestPoolManager(HTTPDummyServerTestCase):
self.assertNotIn('X-API-Secret', data)
self.assertEqual(data['Authorization'], 'bar')
+ r = http.request('GET', '%s/redirect' % self.base_url,
+ fields={'target': '%s/headers' % self.base_url_alt},
+ headers={'x-api-secret': 'foo',
+ 'authorization': 'bar'},
+ retries=Retry(remove_headers_on_redirect=['X-API-Secret']))
+
+ self.assertEqual(r.status, 200)
+
+ data = json.loads(r.data.decode('utf-8'))
+
+ self.assertNotIn('x-api-secret', data)
+ self.assertNotIn('X-API-Secret', data)
+
+ self.assertEqual(data['Authorization'], 'bar')
+
def test_raise_on_redirect(self):
http = PoolManager()
self.addCleanup(http.clear)
View Lorry Controller Status