Fix incorrect rejection of ws:// and wss:// urls

[AraHaan]

This is because libraries like discord.py needs to use a wss type of url to make a socket to an api service, and it cannot be done outside of aiohttp as it can block the async event loop which can result in undefined behavior.

Test will arrive soon.

What do these changes do?

This fixes the breaking change that breaks the usage of wss style urls inside of api wrappers that requires them in order to start up at all.

Are there changes in behavior for the user?

The only change is that the wss style urls that previously did not throw in 3.9.5 will now still work in 3.10.0 and 4.0.0 when this gets merged. This is because this change special cases wss links.

Is it a substantial burden for the maintainers to support this?

I think this is not a substantial burden as this is both a simple change, and prevents breaking applications that expect this entirely while also allowing them to get the latest updates on both features and bug fixes (and possibly also security fixes) vs pinning them forever to 3.9.5 being the last version they can ever use and them eating a security bug that they can never get fixed.

Related issue number

Fixes #8481

Checklist

Will finish the checklist as I work on this.

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES/ folder

  • name it <issue_or_pr_num>.<type>.rst (e.g. 588.bugfix.rst)

  • if you don't have an issue number, change it to the pull request
    number after creating the PR

    • .bugfix: A bug fix for something the maintainers deemed an
      improper undesired behavior that got corrected to match
      pre-agreed expectations.
    • .feature: A new behavior, public APIs. That sort of stuff.
    • .deprecation: A declaration of future API removals and breaking
      changes in behavior.
    • .breaking: When something public is removed in a breaking way.
      Could be deprecated in an earlier release.
    • .doc: Notable updates to the documentation structure or build
      process.
    • .packaging: Notes for downstreams about unobvious side effects
      and tooling. Changes in the test invocation considerations and
      runtime assumptions.
    • .contrib: Stuff that affects the contributor experience. e.g.
      Running tests, building the docs, setting up the development
      environment.
    • .misc: Changes that are hard to assign to any of the above
      categories.

  • Make sure to use full sentences with correct case and punctuation,
    for example:

    Fixed issue with non-ascii contents in doctest text files
    -- by :user:`contributor-gh-handle`.

    Use the past tense or the present tense a non-imperative mood,
    referring to what's changed compared to the last released version
    of this project.

[webknjaz]

Ref #6722 (comment)

[webknjaz]

This should probably not modify the constant but be in a separate one so the initial connect and redirect might be treated differently..

[AraHaan]

Yeah that is true as well.

[AraHaan]

Does this look better?

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.61%. Comparing base (7bf6ee1) to head (b16e5ae).
Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #8482   +/-   ##
=======================================
  Coverage   97.61%   97.61%           
=======================================
  Files         107      107           
  Lines       33159    33191   +32     
  Branches     3895     3898    +3     
=======================================
+ Hits        32369    32401   +32     
  Misses        571      571           
  Partials      219      219           

Flag	Coverage Δ
CI-GHA	97.53% <100.00%> (+<0.01%)	⬆️
OS-Linux	97.20% <100.00%> (+<0.01%)	⬆️
OS-Windows	95.65% <100.00%> (+<0.01%)	⬆️
OS-macOS	96.86% <100.00%> (+<0.01%)	⬆️
Py-3.10.11	97.00% <100.00%> (+<0.01%)	⬆️
Py-3.10.14	96.96% <100.00%> (+<0.01%)	⬆️
Py-3.11.9	97.18% <100.00%> (+<0.01%)	⬆️
Py-3.12.4	97.30% <100.00%> (+<0.01%)	⬆️
Py-3.8.10	95.42% <100.00%> (+<0.01%)	⬆️
Py-3.8.18	96.85% <100.00%> (+<0.01%)	⬆️
Py-3.9.13	96.99% <100.00%> (-0.01%)	⬇️
Py-3.9.19	96.95% <100.00%> (+<0.01%)	⬆️
Py-pypy7.3.16	96.52% <100.00%> (+<0.01%)	⬆️
VM-macos	96.86% <100.00%> (+<0.01%)	⬆️
VM-ubuntu	97.20% <100.00%> (+<0.01%)	⬆️
VM-windows	95.65% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[webknjaz]

Yeah, I think so. Though, we won't see a proof until the tests are in.

[Dreamsorcerer]

Based on the comments we had on that previous PR, this looks like the right change.

Can we get a regression test though, to be sure it doesn't get broken again in future?

[AraHaan]

Based on the comments we had on that previous PR, this looks like the right change.

Can we get a regression test though, to be sure it doesn't get broken again in future?

sure, I will need to crab an wss and ws url that does not need any json format query params though as I am not sure if the discord one can be used or not for the test here.

[webknjaz]

I am not sure if the discord one can be used or not for the test here.

Make sure that the test does not depend on the internet access.

[AraHaan]

uh do I edit test_client_ws.py or test_client_ws_functional.py?

[Dreamsorcerer]

uh do I edit test_client_ws.py or test_client_ws_functional.py?

Whichever makes sense for the test you write (comparing to the tests in each file). I think the first tests small details using mocks, while the second is closer to E2E tests against a running application.

[patchback]

Backport to 3.10: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 62173be on top of patchback/backports/3.10/62173bea1e4e3538d46e6e9b94d727d870d86879/pr-8482

Backporting merged PR #8482 into master

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/aio-libs/aiohttp.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/3.10/62173bea1e4e3538d46e6e9b94d727d870d86879/pr-8482 upstream/3.10

4. Now, cherry-pick PR Fix incorrect rejection of ws:// and wss:// urls #8482 contents into that branch:

   $ git cherry-pick -x 62173bea1e4e3538d46e6e9b94d727d870d86879

   If it'll yell at you with something like fatal: Commit 62173bea1e4e3538d46e6e9b94d727d870d86879 is a merge but no -m option was given., add -m 1 as follows instead:

   $ git cherry-pick -m1 -x 62173bea1e4e3538d46e6e9b94d727d870d86879

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR Fix incorrect rejection of ws:// and wss:// urls #8482 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/3.10/62173bea1e4e3538d46e6e9b94d727d870d86879/pr-8482

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[bdraco]

Thanks @AraHaan

[webknjaz]

It'd be useful to improve this text with context as requested earlier in #8482 (comment)

[bdraco]

Sorry I missed the there was more to that request.

[webknjaz]

Yeah, I only got to take a look again and realized that this description is rather vague. It refers to an incorrect behavior without really getting into what's incorrect about it and where/how it's happening, what's the visible effect for the end-users.

I know this is hard to write and hard to explain, so I'm thinking of ways to lint it better. I was hoping to try integrating https://vale.sh and see if that would help people / give better hints on how to address such things.

[bdraco]

#8513

[Dreamsorcerer]

I thought the "incorrect" behaviour referenced here is not in any release of aiohttp, so probably a changelog entry is unneeded anyway.

[webknjaz]

@Dreamsorcerer yep! I actually brought it up in the follow-up and we dropped this note in favor of linking the original one and crediting the contribution to more people, mentioning more PRs/issues.

[webknjaz]

FYI, __del__() is more or less predictable in CPython, but in PyPy it's not really guaranteed to be called at a specific moment in time. Calling gc.collect() might improve it, especially in tests, but might need several invocations.

[bdraco]

Do you think it better to switch it back to __del__? codeql complained about it

Code scanning
/ CodeQL
__del__ is called explicitly
The del special method is called explicitly.
Show more details

[webknjaz]

Yeah, linters would normally complain and you'd have to ignore. However, I'd probably just stick a few calls to gc.collect(), maybe.

[bdraco]

#8513

[webknjaz]

@AraHaan @bdraco apparently, there was a typo here — a rogue whitespace after the first backtick.