requests icon indicating copy to clipboard operation
requests copied to clipboard

Published 20 hours ago verified publisher icon psf

Change raise_for_status message to hide password in URL

Open Overv opened this issue 5 years ago • 4 comments

This PR fixes #5021 by replacing a password in the URL with asterisks.

Example:

import requests

r = requests.get("http://foo:[email protected]/status/401")
r.raise_for_status()

Output:

Traceback (most recent call last):
  File "5021.py", line 4, in <module>
    r.raise_for_status()
  File "***/python-requests/requests/requests/models.py", line 968, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: UNAUTHORIZED for url: http://foo:***@httpbin.org/status/401

Overv avatar Oct 02 '19 18:10 Overv

@jackyzha0 @barroca I'll have time to get back to this next weekend.

Overv avatar Oct 22 '19 21:10 Overv

@Overv I opened a similar PR for this that might help you to write a test #5244 let me know if you need help.

barroca avatar Oct 23 '19 16:10 barroca

I've added a unit test.

Overv avatar Oct 28 '19 20:10 Overv

Running into this same issue for requests with client_id and client_secret parameters in the url. Those values would get exposed despite the proposed fix here. Seems like a more general solution is needed.

mpolena avatar Sep 28 '22 15:09 mpolena