requests
requests copied to clipboard
psf
Multiple path separators causes bad requests
I'm assuming that change in https://github.com/psf/requests/pull/6644 is the cause of this changed behavior that operations with // in path fails. It seems to be related to Authentication as it is the only thing I could find that does not get trimmed by the change in 6644.
Expected Result
Similar behavior as before 2.32.0
Actual Result
Request captured by wireshark, note that this is the second request as the first got a 401
Hypertext Transfer Protocol POST /axis-cgi/capturemode.cgi HTTP/1.1\r\n Host: 192.168.0.1\r\n User-Agent: python-requests/2.32.3\r\n Accept-Encoding: gzip, deflate, zstd\r\n Accept: /\r\n Connection: keep-alive\r\n Content-Length: 50\r\n [truncated]Authorization: Digest username="root", realm="AXIS_B8A44F45D62F", nonce="UKH3vekeBgA=2b0d57c2d8b8eb15307576e30309cb7b23a2304c", uri="//axis-cgi/capturemode.cgi", response="0a51943f746a0d88c6574f662b457a9c", algorithm="MD5", qo username="root" realm="AXIS_B8A44F45D62F" nonce="UKH3vekeBgA=2b0d57c2d8b8eb15307576e30309cb7b23a2304c" uri="//axis-cgi/capturemode.cgi" response="0a51943f746a0d88c6574f662b457a9c" algorithm="MD5" qop="auth" nc=00000001 \r\n [Full request URI: http://172.26.21.128/axis-cgi/capturemode.cgi] [HTTP request 2/2] [Prev request in frame: 10] [Response in frame: 19] File Data: 50 bytes Data (50 bytes)
Response: Hypertext Transfer Protocol HTTP/1.1 400 Bad Request\r\n Date: Mon, 05 Aug 2024 06:25:23 GMT\r\n Server: Apache/2.4.58 (Unix) OpenSSL/3.0.13\r\n X-Content-Type-Options: nosniff\r\n X-Frame-Options: SAMEORIGIN\r\n X-XSS-Protection: 1; mode=block\r\n [truncated]Content-Security-Policy: default-src 'self'; frame-ancestors 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.axis.com mediastream: blob:; script Content-Length: 226\r\n Connection: close\r\n Content-Type: text/html; charset=iso-8859-1\r\n \r\n [HTTP response 2/2] [Time since request: 0.001411000 seconds] [Prev request in frame: 10] [Prev response in frame: 13] [Request in frame: 16] [Request URI: http://192.168.0.1/axis-cgi/capturemode.cgi] File Data: 226 bytes
Reproduction Steps
This was run at a axis camera
import requests
url = "http://192.168.01//axis-cgi/capturemode.cgi"
body = {
"apiVersion": "1.0",
"method": "getCaptureModes"}
auth = requests.auth.HTTPDigestAuth("root", "pass")
response = requests.post(url=url, data=json.dumps(body),
auth=auth, proxies=dict(http=None, https=None))
System Information
$ python -m requests.help
{
"chardet": {
"version": null
},
"charset_normalizer": {
"version": "3.3.2"
},
"cryptography": {
"version": "42.0.8"
},
"idna": {
"version": "3.7"
},
"implementation": {
"name": "CPython",
"version": "3.11.2"
},
"platform": {
"release": "6.1.0-21-amd64",
"system": "Linux"
},
"pyOpenSSL": {
"openssl_version": "30200020",
"version": "24.1.0"
},
"requests": {
"version": "2.32.3"
},
"system_ssl": {
"version": "300000b0"
},
"urllib3": {
"version": "2.2.2"
},
"using_charset_normalizer": true,
"using_pyopenssl": true
}
