You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
2.1 KiB
49 lines
2.1 KiB
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
|
|
From: Quentin Pradet <quentin.pradet@gmail.com>
|
|
Date: Mon, 17 Jun 2024 11:09:06 +0400
|
|
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
|
|
|
* Strip Proxy-Authorization header on redirects
|
|
|
|
* Fix test_retry_default_remove_headers_on_redirect
|
|
|
|
* Set release date
|
|
---
|
|
CHANGES.rst | 5 +++++
|
|
src/urllib3/util/retry.py | 4 +++-
|
|
test/test_retry.py | 6 ++++-
|
|
test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
|
|
4 files changed, 37 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
|
index 7a76a4a6ad..0456cceba4 100644
|
|
--- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
|
+++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
|
@@ -189,7 +189,9 @@ class Retry:
|
|
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
|
|
|
#: Default headers to be used for ``remove_headers_on_redirect``
|
|
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
|
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
|
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
|
+ )
|
|
|
|
#: Default maximum backoff time.
|
|
DEFAULT_BACKOFF_MAX = 120
|
|
|
|
diff --git a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
|
index 7a76a4a6ad..0456cceba4 100644
|
|
--- a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
|
+++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
|
@@ -189,7 +189,9 @@ class Retry:
|
|
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
|
|
|
#: Default headers to be used for ``remove_headers_on_redirect``
|
|
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
|
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
|
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
|
+ )
|
|
|
|
#: Default maximum backoff time.
|
|
DEFAULT_BACKOFF_MAX = 120
|