Handle redirects ourselves so they are always signed

Requests 2.3 strips Authorization headers when redirects send requests to URLs with different DNS names, which results in requests with no Authorization headers at all. We address this by switching off its internal redirect handling. Note that the means by which this is done does not exist in requests 1.1.
2015-09-18 15:56:45 -07:00
parent 88a298b0d2
commit e2589b65ec
3 changed files with 4 additions and 3 deletions
--- a/requestbuilder/service.py
+++ b/requestbuilder/service.py
@@ -177,7 +177,8 @@ class BaseService(RegionConfigurableMixin):
                        # See requests commit 325ea7b.
                        response = self.session.send(
                            p_request, stream=True, timeout=self.timeout,
-                            verify=self.session_args['verify'])
+                            verify=self.session_args['verify'],
+                            allow_redirects=False)
                    except requests.exceptions.Timeout:
                        if attempt_no < max_tries:
                            self.log.debug('timeout', exc_info=True)
--- a/requestbuilder/suite.py
+++ b/requestbuilder/suite.py
@@ -30,7 +30,7 @@ class RequestBuilder(object):

    @staticmethod
    def format_version():
-        return 'requestbuilder {0} (Intermezzo)'.format(__version__)
+        return 'requestbuilder {0} (Allegro)'.format(__version__)

    @staticmethod
    def list_config_files():
--- a/setup.py
+++ b/setup.py
@@ -22,7 +22,7 @@ from setuptools import find_packages, setup
 from requestbuilder import __version__


-requirements = ['requests>=1',
+requirements = ['requests>=2.4',
                'six']
 if sys.version_info < (2, 7):
    requirements.append('argparse')