Skip to content

Add session as optional parameter to safe_urlopen #4943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
HazAT wants to merge 1 commit into from
Closed

Add session as optional parameter to safe_urlopen #4943

HazAT wants to merge 1 commit into from

Conversation

@HazAT
Copy link
Member

@HazAT HazAT commented Feb 20, 2017

When we merge this we can close this PR
#4574

We will move it into a plugin
getsentry/sentry-plugins#135 (comment)

@HazAT HazAT self-assigned this Feb 20, 2017
@HazAT HazAT requested a review from mitsuhiko February 20, 2017 16:45
mattrobenolt
mattrobenolt reviewed Feb 20, 2017
View reviewed changes
Copy link
Contributor

@mattrobenolt mattrobenolt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see a reason to allow this. If we pass in a session explicitly, there's no point in using safe_urlopen. Just use the methods on your session directly.

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

@mattrobenolt but the methods on the session don't do what safe_urlopen does.

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

(The reason we want to pass in a session is because we pour cookies into the session cookie jar before calling this)

@mattrobenolt
Copy link
Contributor

mattrobenolt commented Feb 20, 2017

Like what? It was intended just to be a wrapper around the build_session() to prevent poking internal urls. Other than that, it doesn't do much. And if we're allowing passing in a Session, you could just bypass any of the value of "safe".

I see in the related PR that you're using build_session() directly. What can't you do just calling methods off of that?

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

@mattrobenolt i thought there was a reason for it. I see that it catches and reraises errors, that it sets a default encoding to utf-8 and sets a default timeout. Obviously we can duplicate that behavior but seems like that would be easy to miss then.

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

Original code comes from the WIP code here: #4574

@mattrobenolt
Copy link
Contributor

mattrobenolt commented Feb 20, 2017

Yeah, totally get what you're saying. I just don't particularly want to conflate safe_urlopen to allow something not safe. In this case, there's nothing preventing you from passing in your own Session that just does anything. I know you're not doing that, but it allows it.

I'd almost rather just have a urlopen function of our own that does all the stuff you mention, in which safe_urlopen calls. Then you can explicitly use urlopen instead to leave safe mean safe.

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

Summary from chat: we should probably make the build_session thing return a SafeSession subclass we can assert on, then make sure that safe_urlopen only ever gets a safe session.

Then maybe also rename build_session to build_safe_session and leave an alias for BW-compat behind.

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

Bonus points for moving as much logic as possible from safe_urlopen into the session directly.

@mitsuhiko mitsuhiko mentioned this pull request Feb 20, 2017
Merged
@mitsuhiko
Copy link
Contributor

mitsuhiko commented Feb 20, 2017

Closed in favour of #4945

@mitsuhiko mitsuhiko closed this Feb 20, 2017
@mitsuhiko mitsuhiko deleted the feature/inject-session-into-safe_urlopen branch February 20, 2017 18:18
@github-actions github-actions bot locked and limited conversation to collaborators Dec 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@mitsuhiko mitsuhiko Awaiting requested review from mitsuhiko

1 more reviewer

@mattrobenolt mattrobenolt mattrobenolt left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@HazAT HazAT

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@HazAT @mitsuhiko @mattrobenolt