[issue14144] urllib2 HTTPRedirectHandler not handling POST data in redirect
New submission from Jay Deiman : I've noticed that urllib2's HTTPRedirectHandler does not redirect a POST request with the POST data. If you send a POST request to a server with data, the data is dropped when the new Request is made to the new url. As stated in a comment in the library itself, redirecting a POST request is not strictly RFC compliant, but it's generally supported anyway. The problem here being that our POST data is not also being redirected. I ran into this issue when writing a web api wrapper in Python. I'm submitting a small patch that fixes this issue: --- /usr/lib/python2.7/urllib2.py 2011-10-04 16:07:28.0 -0500 +++ urllib2.py 2012-02-27 16:03:36.0 -0600 @@ -551,7 +551,11 @@ newheaders = dict((k,v) for k,v in req.headers.items() if k.lower() not in ("content-length", "content-type") ) +data = None +if req.has_data(): +data = req.get_data() return Request(newurl, + data=data, headers=newheaders, origin_req_host=req.get_origin_req_host(), unverifiable=True) -- components: Extension Modules files: urllib2.py.patch keywords: patch messages: 154516 nosy: crustymonkey priority: normal severity: normal status: open title: urllib2 HTTPRedirectHandler not handling POST data in redirect type: behavior versions: Python 2.7 Added file: http://bugs.python.org/file24665/urllib2.py.patch ___ Python tracker <http://bugs.python.org/issue14144> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
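Review bot: the added data=data argument in the Request(newurl, ...) call forwards the POST body to whatever newurl the server supplied, with no opt-in and no check that the redirect stays on the original host, so a body carrying credentials or tokens would be resent to a different site. Suggest gating it behind a handler option that defaults to off and comparing the host of newurl with the original request's host before passing data. The newheaders filter at the top of the hunk also still drops "content-type", so a forwarded body goes out without the Content-Type the caller set; keep that header whenever data is forwarded.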
[issue14144] urllib2 HTTPRedirectHandler not handling POST data in redirect
Jay Deiman added the comment:

Senthil,

That is a good point about the potential for security issues. What if it was an explicit option in HTTPRedirectHandler, since there is a possibility of value in being able to do it? I know my case is probably unusual, but I imagine that others might have run into this too. Something roughly along this line is what I'm thinking:

    class HTTPRedirectHandler(BaseHandler):
        redirect_post_data = False
        ...
        ...
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            ...
            ...
            data = None
            if req.has_data() and self.redirect_post_data:
                data = req.get_data()
            return Request(newurl,
                           data=data,
                           headers=newheaders,
                           origin_req_host=req.get_origin_req_host(),
                           unverifiable=True)

That would leave the current default behavior as-is, but leave the option to explicitly override it by the user, perhaps with a BIG DISCLAIMER comment about security.
[issue14144] urllib2 HTTPRedirectHandler not forwarding POST data in redirect
Jay Deiman added the comment:

Senthil,

The HTTPRedirectHandler is already breaking RFC2616 by its own admission in the code comments (from the source):

    # Strictly (according to RFC 2616), 301 or 302 in response
    # to a POST MUST NOT cause a redirection without confirmation
    # from the user (of urllib2, in this case). In practice,
    # essentially all clients do redirect in this case, so we
    # do the same.
    # be conciliant with URIs containing a space

I can definitely understand the issue with changing the default behavior to redirect the POST data. However, an added option which leaves the current behavior as the default shouldn't hurt. I'm submitting a new patch file (urllib2.py.redirect_option.patch), which will do exactly that.

Added file: http://bugs.python.org/file24711/urllib2.py.redirect_option.patch
[issue14144] urllib2 HTTPRedirectHandler not forwarding POST data in redirect
Jay Deiman added the comment:

I have no problem making doc and test changes. I'll probably need a pointer as to where these changes need to be made and submitted to, but like you said, I'll wait until the patch is accepted before doing that.
[issue14338] Document how to forward POST data on redirects
Jay Deiman added the comment:

I actually just worked around this issue in my library to do specifically what I needed it to do, which was an automatic redirect POST with data. As far as general recipes are concerned, anyone could just follow what I did in my library at:

https://github.com/crustymonkey/py-sonic
or
http://pypi.python.org/pypi/py-sonic

All I did was just subclass HTTPRedirectHandler and essentially add my patch.

Python tracker <http://bugs.python.org/issue14338>
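The subclassing approach discussed in this thread, as an added example that is not part of the original messages and is not the code from py-sonic or from either attached patch. It uses Python 3's urllib.request (the successor to urllib2); the class name and the same-origin restriction are assumptions of this sketch, and redirect_post_data follows the option name proposed earlier in the thread.

```python
import urllib.request
from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an absolute URL, default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or _DEFAULT_PORTS.get(scheme))


class PostForwardingRedirectHandler(urllib.request.HTTPRedirectHandler):
    # Hypothetical opt-in flag, named after the option proposed in the thread.
    redirect_post_data = False

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # Stock behaviour first: a body-less request, or HTTPError for the
        # status/method combinations the standard library refuses to follow.
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        forward = (
            self.redirect_post_data
            and new is not None
            and req.get_method() == "POST"
            and req.data is not None
            and code != 303  # 303 See Other asks for a GET of the new URL
            and origin(req.full_url) == origin(newurl)  # body stays on one origin
        )
        if not forward:
            return new
        hdrs = dict(new.headers)
        # The stock handler strips Content-Type; restore it with the body.
        ctype = req.get_header("Content-type")  # Request capitalize()s header keys
        if ctype:
            hdrs["Content-type"] = ctype
        return urllib.request.Request(
            new.full_url, data=req.data, headers=hdrs,
            origin_req_host=req.origin_req_host, unverifiable=True, method="POST")


if __name__ == "__main__":
    # Constructed request and redirect targets; no network traffic is generated.
    h = PostForwardingRedirectHandler()
    h.redirect_post_data = True
    r = urllib.request.Request("https://api.example.test/v1", data=b"a=1")
    for target in ("https://api.example.test/v2", "https://other.example.test/v2"):
        n = h.redirect_request(r, None, 302, "Found", {}, target)
        print(target, n.get_method(), n.data)
```

Install it with urllib.request.build_opener(PostForwardingRedirectHandler()) after setting redirect_post_data = True on the instance or a subclass.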