Fix incorrect rejection of ws:// and wss:// urls #8482
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Fixed the incorrect rejection of ``ws://`` and ``wss://`` urls | ||
-- by :user:` AraHaan`. | ||
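Review bot: The second line of this changelog entry has a space after the opening backtick in :user:` AraHaan`, and reStructuredText requires the character right after an inline-markup start to be non-whitespace, so the role will not be recognized and the credit will render as literal text; remove the space. The first line also says only that a rejection was "incorrect": naming the affected call (the test in this PR exercises `session.ws_connect` with `ws://` and `wss://` URLs) and what a user saw would make the entry usable on its own.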
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -467,6 +467,60 @@ async def create_connection(req, traces, timeout): | |
c.__del__() | ||
|
||
|
||
@pytest.mark.parametrize("protocol", ["http", "https", "ws", "wss"]) | ||
async def test_ws_connect_allowed_protocols( | ||
create_session: Any, | ||
create_mocked_conn: Any, | ||
protocol: str, | ||
ws_key: Any, | ||
key_data: Any, | ||
) -> None: | ||
url = URL(f"{protocol}://example.com") | ||
req = mock.Mock() | ||
|
||
req_factory = mock.Mock(return_value=req) | ||
resp = mock.Mock() | ||
resp.status = 101 | ||
resp.headers = { | ||
hdrs.UPGRADE: "websocket", | ||
hdrs.CONNECTION: "upgrade", | ||
hdrs.SEC_WEBSOCKET_ACCEPT: ws_key, | ||
} | ||
resp.url = url | ||
resp.cookies = SimpleCookie() | ||
resp.start = mock.AsyncMock() | ||
req.send = mock.AsyncMock(return_value=resp) | ||
session = await create_session(request_class=req_factory) | ||
|
||
connections = [] | ||
original_connect = session._connector.connect | ||
|
||
async def connect(req, traces, timeout): | ||
conn = await original_connect(req, traces, timeout) | ||
connections.append(conn) | ||
return conn | ||
|
||
async def create_connection(req, traces, timeout): | ||
# return self.transport, self.protocol | ||
conn = create_mocked_conn() | ||
return conn | ||
|
||
|
||
session._connector.connect = connect | ||
session._connector._create_connection = create_connection | ||
session._connector._release = mock.Mock() | ||
|
||
|
||
with mock.patch("aiohttp.client.os") as m_os: | ||
m_os.urandom.return_value = key_data | ||
await session.ws_connect(f"{protocol}://example.com") | ||
|
||
# normally called during garbage collection. triggers an exception | ||
# if the connection wasn't already closed | ||
for c in connections: | ||
c.close() | ||
del c | ||
FYI,
Do you think it better to switch it back to
Yeah, linters would normally complain and you'd have to ignore. However, I'd probably just stick a few calls to
|
||
|
||
await session.close() | ||
|
||
|
||
async def test_cookie_jar_usage(loop: Any, aiohttp_client: Any) -> None: | ||
req_url = None | ||
|
||
|
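Review bot: In the cleanup loop at the end of `test_ws_connect_allowed_protocols`, `del c` only unbinds the loop variable while the `connections` list still holds a reference to each connection, so no finalizer runs there and the check described in the comment above the loop ("triggers an exception if the connection wasn't already closed") is never exercised. The context line at the top of this hunk shows the neighbouring test calling `c.__del__()` explicitly; either do the same here or drop the comment. Two smaller points: the `# return self.transport, self.protocol` line inside `create_connection` is a leftover and can be removed, and the test asserts nothing after `ws_connect` returns, so it passes whenever no exception is raised. Asserting on what `req_factory` was called with, and adding a case for a scheme outside the parametrized list that must still be rejected, would pin the scheme check down from both sides.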
It'd be useful to improve this text with context as requested earlier in #8482 (comment)
Sorry I missed that there was more to that request.
Yeah, I only got to take a look again and realized that this description is rather vague. It refers to an incorrect behavior without really getting into what's incorrect about it and where/how it's happening, what's the visible effect for the end-users.
I know this is hard to write and hard to explain, so I'm thinking of ways to lint it better. I was hoping to try integrating https://vale.sh and see if that would help people / give better hints on how to address such things.
#8513
I thought the "incorrect" behaviour referenced here is not in any release of aiohttp, so probably a changelog entry is unneeded anyway.
@Dreamsorcerer yep! I actually brought it up in the follow-up and we dropped this note in favor of linking the original one and crediting the contribution to more people, mentioning more PRs/issues.