Bug 1745417 - python-requests break Basic Auth when redirects contains default port
Summary: python-requests break Basic Auth when redirects contains default port
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-requests
Version: 7.7
Hardware: All
OS: Linux
urgent
medium
Target Milestone: rc
: ---
Assignee: Python Maintainers
QA Contact: Jan Kepler
URL:
Whiteboard:
: 1751175 (view as bug list)
Depends On:
Blocks: 1754830
TreeView+ depends on / blocked
 
Reported: 2019-08-26 06:09 UTC by Tomas Žaleniakas
Modified: 2021-03-23 23:33 UTC (History)
6 users (show)

Fixed In Version: python-requests-2.6.0-6.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1754830 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github psf requests issues 4850 0 'None' closed Authorization header dropped accidentally because wrong port change detection logic 2020-12-18 17:04:36 UTC
Red Hat Bugzilla 1643829 0 low CLOSED CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header 2021-02-22 00:41:40 UTC

Description Tomas Žaleniakas 2019-08-26 06:09:07 UTC 
Description of problem:
After RHEL bugfix No. 1643829 this bug https://github.com/psf/requests/issues/4850 were introduced into python-requests library


Version-Release number of selected component (if applicable):
python-requests 2.6.0-5


How reproducible:


Steps to Reproduce:
1.Update to latest python-requests
2.Do a request to URL without specifying port with basic auth, which returns redirect to same host just with default port


Actual results:
Getting 401 error


Expected results:
Get 200 for successful requests with basic auth


Additional info:
Comment 2 Tomas Orsava 2019-08-27 11:36:04 UTC 
Upstream patch: https://github.com/psf/requests/pull/4851
Comment 5 Tomas Orsava 2019-09-23 14:09:18 UTC 
*** Bug 1751175 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.