From f997938916d20e955478f60406ef9d293236a16d Mon Sep 17 00:00:00 2001 From: Ben Falk Date: Wed, 14 Apr 2021 15:14:53 -0400 Subject: [PATCH] use quote instead of quote_plus for RedirectResponse location header (#1164) * use quote instead of quote_plus for RedirectResponse location header adjust safe characters: rem. duplicate & symbol add test for redirect quoting * remove unused import Co-authored-by: Jamie Hewland --- starlette/responses.py | 4 ++-- tests/test_responses.py | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/starlette/responses.py b/starlette/responses.py index ff122fba1..d660cd927 100644 --- a/starlette/responses.py +++ b/starlette/responses.py @@ -7,7 +7,7 @@ import typing from email.utils import formatdate from mimetypes import guess_type as mimetypes_guess_type -from urllib.parse import quote, quote_plus +from urllib.parse import quote from starlette.background import BackgroundTask from starlette.concurrency import iterate_in_threadpool, run_until_first_complete @@ -178,7 +178,7 @@ def __init__( super().__init__( content=b"", status_code=status_code, headers=headers, background=background ) - self.headers["location"] = quote_plus(str(url), safe=":/%#?&=@[]!$&'()*+,;") + self.headers["location"] = quote(str(url), safe=":/%#?=@[]!$&'()*+,;") class StreamingResponse(Response): diff --git a/tests/test_responses.py b/tests/test_responses.py index 10fbe673c..fd2ba0e42 100644 --- a/tests/test_responses.py +++ b/tests/test_responses.py @@ -60,6 +60,20 @@ async def app(scope, receive, send): assert response.url == "http://testserver/" +def test_quoting_redirect_response(): + async def app(scope, receive, send): + if scope["path"] == "/I ♥ Starlette/": + response = Response("hello, world", media_type="text/plain") + else: + response = RedirectResponse("/I ♥ Starlette/") + await response(scope, receive, send) + + client = TestClient(app) + response = client.get("/redirect") + assert response.text == "hello, world" + assert response.url == "http://testserver/I%20%E2%99%A5%20Starlette/" + + def test_streaming_response(): filled_by_bg_task = ""