Feature request: Update session default Authorization header

[asmacdo]

Long story short

I would like to update headers for an entire session, but setting ClientSession._default_headers directly is discouraged. The use case for this is token auth, when the tokens expire in a relatively short time. It would be nice to be able to update all new requests for a single session with the new token.

Expected behaviour

What I'd like to see is a new method: ClientSession.update_default_headers.

Example use for the token auth use case:

session.update_default_headers({"Authorization": "Bearer <newtoken>"})

Actual behaviour

It is technically possible to do this now, but requires the direct use of discouraged ClientSession.ATTRS. https://github.com/aio-libs/aiohttp/blob/master/aiohttp/client.py#L76

session._default_headers = session._prepare_headers({"Authorization": "Bearer <new_token>"})

Would you accept a PR?

I'm happy to open a PR. I think this would be as simple as:

def update_default_headers(self, headers):
     self._default_headers = self._prepare_headers(headers)

Of course, this assumes that it is safe to update the default headers, and there may be a very good reason why it is discouraged to begin with.

[aio-libs-bot]

GitMate.io thinks the contributor most likely able to help you is @asvetlov.

Possibly related issues are #1197 (Flask request headers), #1746 (Need possibility to modify client.Session default headers in constructed session), #1618 (allow HEAD requests to default routes), #1561 (Support proxy headers for CONNECT requests), and #3231 (Feature request: in the server, modifying the response headers after they have been sent should raise).

[asmacdo]

After seeing #1746 (sorry I missed it aio-libs-bot++) it seems better if the new method is only capable of updating the 'Authorization' header.

[asvetlov]

Sorry, modifying the defaults is a bad idea.
Consider the following:

1. You've started 1000 parallel tasks for making HTTP requests using the shared session object.
2. One of the tasks modifies default header.
3. All other tasks are affected too. It could be desired behavior but maybe not, depending on the code structure.

Please send headers on each request explicitly if you need a mutable state. It is pretty easy and straightforward.

[asmacdo]

Thanks so much for the quick response @asvetlov. In this case what you described is the intended behavior, but I can make do with mutable headers.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a [new issue] for related bugs.
If you feel like there's important points made in this discussion, please include those exceprts into that [new issue].
[new issue]: https://github.com/aio-libs/aiohttp/issues/new