httpx icon indicating copy to clipboard operation
httpx copied to clipboard

Published 20 hours ago • verified publisher icon encode

Handle cookies on redirect.

Open rafalkrupinski opened this issue 1 year ago • 3 comments
trafficstars

Summary

Following #2931

When users passes cookies to a client.request() as a dict or list, they're stored as a Cookies instance, with domain taken from the URL, and secure set when the url.scheme is https. This object is kept between redirects, and used to build the redirect request. When cookies are passed as an instance of Cookies or CookieJar, they're stored as-is.

New optional parameter secure is added to Cookies.get and set

In effect

  • cookies follow redirects to the same host, even with intermediate redirects to other hosts
  • cookies don't cross domains, including subdomains
  • cookies don't follow downgrade redirect https->http

Checklist

  • [x] I understand that this PR may be closed in case there was no previous discussion. (This doesn't apply to typos!)
  • [x] I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • [ ] I've updated the documentation accordingly.

To do

  • decide whether the new function could be disabled with a flag
  • ~~how to handle pickling? Cookies objects are not pickable, bc its inner CookieJar has a lock object~~ pickle as a list of http.cookies.Cookie instances
  • add documentation (if this feature is tentatively accepted)

rafalkrupinski avatar Feb 06 '24 11:02 rafalkrupinski

Tests fail bc they don't fully cover ...tests 🤷

rafalkrupinski avatar Feb 06 '24 13:02 rafalkrupinski

Thank you for the PR 🙇

I'm interested in these changes:

cookies follow redirects to the same host, even with intermediate redirects to other hosts

Is there anyway I could help to get this merged?

povilasb avatar Mar 04 '24 15:03 povilasb

Hi team! Any thoughts on this?

rafalkrupinski avatar Mar 31 '24 14:03 rafalkrupinski