Skip HSTS preloading on single-label domains (#1074)
authorFrançois Voron <fvoron@gmail.com>
Tue, 21 Jul 2020 09:40:10 +0000 (11:40 +0200)
committerGitHub <noreply@github.com>
Tue, 21 Jul 2020 09:40:10 +0000 (10:40 +0100)
Co-authored-by: Tom Christie <tom@tomchristie.com>
httpx/_client.py
tests/client/test_client.py

index dae15036b8fcd56536c432a257b7a35139cc492c..1ee93521723d0f4ae81b0b1b6aff110b8972a1be 100644 (file)
@@ -204,7 +204,11 @@ class BaseClient:
         to create the URL used for the outgoing request.
         """
         url = self.base_url.join(relative_url=url)
-        if url.scheme == "http" and hstspreload.in_hsts_preload(url.host):
+        if (
+            url.scheme == "http"
+            and hstspreload.in_hsts_preload(url.host)
+            and len(url.host.split(".")) > 1
+        ):
             port = None if url.port == 80 else url.port
             url = url.copy_with(scheme="https", port=port)
         return url
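Review bot: The label count added to the condition treats a trailing-dot host as multi-label, because `"app.".split(".")` has two elements, so `http://app./` would not be exempted by the single-label rule. Whether it is then upgraded depends on how `hstspreload.in_hsts_preload` handles the trailing dot, which is not visible here. Testing `"." in url.host.rstrip(".")` instead would close that gap, and placing it before the `in_hsts_preload` call skips the lookup for single-label hosts. A comment such as `# Single-label hosts (e.g. "app") are local names, not the preloaded TLD; keep them on http.` would record why the exemption exists, since it deliberately leaves these requests in plaintext. The enclosing method starts above the hunk.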
index 40a590475126050d5640499aad3709801c9586a5..75384f2662773941e3937efa45674a6124db3c7d 100644 (file)
@@ -162,3 +162,18 @@ def test_merge_url():
     request = client.build_request("GET", "http://www.paypal.com")
     assert request.url.scheme == "https"
     assert request.url.is_ssl
+
+
+@pytest.mark.parametrize(
+    "url,scheme,is_ssl",
+    [
+        ("http://www.paypal.com", "https", True),
+        ("http://app", "http", False),
+        ("http://192.168.1.42", "http", False),
+    ],
+)
+def test_merge_url_hsts(url: str, scheme: str, is_ssl: bool):
+    client = httpx.Client()
+    request = client.build_request("GET", url)
+    assert request.url.scheme == scheme
+    assert request.url.is_ssl == is_ssl
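Review bot: The `http://192.168.1.42` case does not exercise the new label check, since an IPv4 literal splits into four labels; it passes only as long as the preload lookup does not match the address. A comment on that tuple, e.g. `# IP literal: not upgraded because the preload lookup does not match it`, would keep readers from attributing the result to the single-label rule. A trailing-dot host such as `http://app.` is not covered either, and its expected scheme should be decided and pinned in this parametrize list.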