]> git.ipfire.org Git - thirdparty/httpx.git/commitdiff
Drop HSTS Preloading (#1110)
authorFlorimond Manca <florimond.manca@gmail.com>
Wed, 5 Aug 2020 12:05:45 +0000 (14:05 +0200)
committerGitHub <noreply@github.com>
Wed, 5 Aug 2020 12:05:45 +0000 (13:05 +0100)
* Drop HSTS Preloading

* Update test_client.py

Co-authored-by: Tom Christie <tom@tomchristie.com>
README.md
docs/index.md
httpx/_client.py
setup.cfg
setup.py
tests/client/test_client.py

index d262045f3486dee3c826ff9dfae1a3a0c2f28736..9ce2311ed8c118dd5f528665bd456b2d75ccc29e 100644 (file)
--- a/README.md
+++ b/README.md
@@ -113,7 +113,6 @@ The HTTPX project relies on these excellent libraries:
   * `h2` - HTTP/2 support.
 * `certifi` - SSL certificates.
 * `chardet` - Fallback auto-detection for response encoding.
-* `hstspreload` - determines whether IDNA-encoded host should be only accessed via HTTPS.
 * `idna` - Internationalized domain name support.
 * `rfc3986` - URL parsing & normalization.
 * `sniffio` - Async library autodetection.
index 7f7ecee6c55949aaef0f2674b025aedba9cafef5..1241069133757d86cae02635549f18a6347d4211 100644 (file)
@@ -111,7 +111,6 @@ The HTTPX project relies on these excellent libraries:
   * `h2` - HTTP/2 support.
 * `certifi` - SSL certificates.
 * `chardet` - Fallback auto-detection for response encoding.
-* `hstspreload` - determines whether IDNA-encoded host should be only accessed via HTTPS.
 * `idna` - Internationalized domain name support.
 * `rfc3986` - URL parsing & normalization.
 * `sniffio` - Async library autodetection.
index e4b212b4ac99450132911e9a36f665d5fb3470a8..dad4a42aab0912f805dc0c3bd35d63490fd78bfb 100644 (file)
@@ -2,7 +2,6 @@ import functools
 import typing
 from types import TracebackType
 
-import hstspreload
 import httpcore
 
 from ._auth import Auth, BasicAuth, FunctionAuth
@@ -209,15 +208,7 @@ class BaseClient:
         Merge a URL argument together with any 'base_url' on the client,
         to create the URL used for the outgoing request.
         """
-        url = self.base_url.join(relative_url=url)
-        if (
-            url.scheme == "http"
-            and hstspreload.in_hsts_preload(url.host)
-            and len(url.host.split(".")) > 1
-        ):
-            port = None if url.port == 80 else url.port
-            url = url.copy_with(scheme="https", port=port)
-        return url
+        return self.base_url.join(relative_url=url)
 
     def _merge_cookies(
         self, cookies: CookieTypes = None
index 6732488f63df88176da9578b71fcccbbabaa7440..abf929021eb7e25157a0212f2ba065531d702e38 100644 (file)
--- a/setup.cfg
+++ b/setup.cfg
@@ -14,7 +14,7 @@ check_untyped_defs = True
 profile = black
 combine_as_imports = True
 known_first_party = httpx,tests
-known_third_party = brotli,certifi,chardet,cryptography,hstspreload,httpcore,pytest,rfc3986,setuptools,sniffio,trio,trustme,uvicorn
+known_third_party = brotli,certifi,chardet,cryptography,httpcore,pytest,rfc3986,setuptools,sniffio,trio,trustme,uvicorn
 
 [tool:pytest]
 addopts = --cov=httpx --cov=tests -rxXs
index cc6216992c132f2c398c487d3aa71456d02858c3..4ce68e113f1402bc3b5af0bedd7fa0ee63403247 100644 (file)
--- a/setup.py
+++ b/setup.py
@@ -56,7 +56,6 @@ setup(
     zip_safe=False,
     install_requires=[
         "certifi",
-        "hstspreload",
         "sniffio",
         "chardet==3.*",
         "idna==2.*",
index 4f196be9549c2a215be7189983ec3ce5e3b42dae..ea57c11c3545de0ba5d696231a3b3a9fc74829f3 100644 (file)
@@ -175,25 +175,10 @@ def test_base_url(server):
 
 
 def test_merge_url():
-    client = httpx.Client(base_url="https://www.paypal.com/")
-    request = client.build_request("GET", "http://www.paypal.com")
-    assert request.url.scheme == "https"
-    assert request.url.is_ssl
-
-
-@pytest.mark.parametrize(
-    "url,scheme,is_ssl",
-    [
-        ("http://www.paypal.com", "https", True),
-        ("http://app", "http", False),
-        ("http://192.168.1.42", "http", False),
-    ],
-)
-def test_merge_url_hsts(url: str, scheme: str, is_ssl: bool):
-    client = httpx.Client()
-    request = client.build_request("GET", url)
-    assert request.url.scheme == scheme
-    assert request.url.is_ssl == is_ssl
+    client = httpx.Client(base_url="https://www.example.com/")
+    request = client.build_request("GET", "http://www.example.com")
+    assert request.url.scheme == "http"
+    assert not request.url.is_ssl
 
 
 def test_pool_limits_deprecated():