From: Tom Christie Date: Tue, 3 Sep 2019 13:36:03 +0000 (+0100) Subject: Drop Content-Length headers on GET redirects X-Git-Tag: 0.7.3~21^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0276ff9880066789994aa2299576c8b67172fcd9;p=thirdparty%2Fhttpx.git Drop Content-Length headers on GET redirects --- diff --git a/httpx/middleware.py b/httpx/middleware.py index 4ed750e6..670d96bc 100644 --- a/httpx/middleware.py +++ b/httpx/middleware.py @@ -88,7 +88,7 @@ class RedirectMiddleware(BaseMiddleware): ) -> AsyncRequest: method = self.redirect_method(request, response) url = self.redirect_url(request, response) - headers = self.redirect_headers(request, url) # TODO: merge headers? + headers = self.redirect_headers(request, url, method) # TODO: merge headers? content = self.redirect_content(request, method) cookies = Cookies(self.cookies) cookies.update(request.cookies) @@ -138,15 +138,22 @@ class RedirectMiddleware(BaseMiddleware): return url - def redirect_headers(self, request: AsyncRequest, url: URL) -> Headers: + def redirect_headers(self, request: AsyncRequest, url: URL, method: str) -> Headers: """ - Strip Authorization headers when responses are redirected away from - the origin. + Return the headers that should be used for the redirect request. """ headers = Headers(request.headers) + if url.origin != request.url.origin: + # Strip Authorization headers when responses are redirected away from + # the origin. del headers["Authorization"] - del headers["host"] + del headers["Host"] + + if method != request.method and method == "GET": + # Strip Content-Length headers when we've switch to a 'GET' request. + del headers["Content-Length"] + return headers def redirect_content(self, request: AsyncRequest, method: str) -> bytes: