Bug 1745417 - python-requests break Basic Auth when redirects contains default port
Summary: python-requests break Basic Auth when redirects contains default port
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-requests
Version: 7.7
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Python Maintainers
QA Contact: Jan Kepler
: 1751175 (view as bug list)
Depends On:
Blocks: 1754830
TreeView+ depends on / blocked
Reported: 2019-08-26 06:09 UTC by Tomas Žaleniakas
Modified: 2019-12-11 15:40 UTC (History)
6 users (show)

Fixed In Version: python-requests-2.6.0-6.el7
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1754830 (view as bug list)
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Github psf requests issues 4850 'None' closed Authorization header dropped accidentally because wrong port change detection logic 2020-07-13 08:20:59 UTC
Red Hat Bugzilla 1643829 'low' 'CLOSED' 'CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header' 2019-12-05 08:29:55 UTC

Description Tomas Žaleniakas 2019-08-26 06:09:07 UTC
Description of problem:
After RHEL bugfix No. 1643829 this bug https://github.com/psf/requests/issues/4850 were introduced into python-requests library

Version-Release number of selected component (if applicable):
python-requests 2.6.0-5

How reproducible:

Steps to Reproduce:
1.Update to latest python-requests
2.Do a request to URL without specifying port with basic auth, which returns redirect to same host just with default port

Actual results:
Getting 401 error

Expected results:
Get 200 for successful requests with basic auth

Additional info:

Comment 2 Tomas Orsava 2019-08-27 11:36:04 UTC
Upstream patch: https://github.com/psf/requests/pull/4851

Comment 5 Tomas Orsava 2019-09-23 14:09:18 UTC
*** Bug 1751175 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.