Location header is parsed unconditionally even when follow_redirects is disabled #3179
Unanswered
d0gkiller87
asked this question in
Potential Issue
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
When the server responds with a malformed
Location
header (for example, some misconfigured IIS web server sets it toC:\intput\wwwroot\xxx.aspx
) in 30X redirections, httpx will parse it and fails.The problem is that this behavior cannot be disabled by setting
follow_redirects
toFalse
.Reproduce Setup
Server (flask)
Client (httpx)
Result
Discussion
Here's the relevant function that handles redirection responses: https://github.com/encode/httpx/blob/0.27.0/httpx/_client.py#L991
As we can see,
follow_redirects
is only used after parsing theLocation
header and checking infinite recursions.In my opinion, if the user decides to handle the redirection manually (i.e. by setting
follow_redirects
toFalse
), httpx shouldn't inspect theLocation
header then fails. Any thoughts?Beta Was this translation helpful? Give feedback.
All reactions