@@ -1573,15 +1573,15 @@ def test_nonhttp_schemes_dont_check_URLs(self):
15731573 preq = req .prepare ()
15741574 assert test_url == preq .url
15751575
1576- @pytest .mark .xfail (raises = ConnectionError )
1577- def test_auth_is_stripped_on_redirect_off_host (self , httpbin ):
1576+ def test_auth_is_stripped_on_http_downgrade (self , httpbin , httpbin_secure , httpbin_ca_bundle ):
15781577 r = requests .get (
1579- httpbin ('redirect-to' ),
1580- params = {'url' : 'http://www.google.co.uk' },
1578+ httpbin_secure ('redirect-to' ),
1579+ params = {'url' : httpbin ( 'get' ) },
15811580 auth = ('user' , 'pass' ),
1581+ verify = httpbin_ca_bundle
15821582 )
15831583 assert r .history [0 ].request .headers ['Authorization' ]
1584- assert not r .request .headers . get ( 'Authorization' , '' )
1584+ assert 'Authorization' not in r .request .headers
15851585
15861586 def test_auth_is_retained_for_redirect_on_host (self , httpbin ):
15871587 r = requests .get (httpbin ('redirect/1' ), auth = ('user' , 'pass' ))
@@ -1590,6 +1590,27 @@ def test_auth_is_retained_for_redirect_on_host(self, httpbin):
15901590
15911591 assert h1 == h2
15921592
1593+ def test_should_strip_auth_host_change (self ):
1594+ s = requests .Session ()
1595+ assert s .should_strip_auth ('http://example.com/foo' , 'http://another.example.com/' )
1596+
1597+ def test_should_strip_auth_http_downgrade (self ):
1598+ s = requests .Session ()
1599+ assert s .should_strip_auth ('https://example.com/foo' , 'http://example.com/bar' )
1600+
1601+ def test_should_strip_auth_https_upgrade (self ):
1602+ s = requests .Session ()
1603+ assert not s .should_strip_auth ('http://example.com/foo' , 'https://example.com/bar' )
1604+ assert not s .should_strip_auth ('http://example.com:80/foo' , 'https://example.com/bar' )
1605+ assert not s .should_strip_auth ('http://example.com/foo' , 'https://example.com:443/bar' )
1606+ # Non-standard ports should trigger stripping
1607+ assert s .should_strip_auth ('http://example.com:8080/foo' , 'https://example.com/bar' )
1608+ assert s .should_strip_auth ('http://example.com/foo' , 'https://example.com:8443/bar' )
1609+
1610+ def test_should_strip_auth_port_change (self ):
1611+ s = requests .Session ()
1612+ assert s .should_strip_auth ('http://example.com:1234/foo' , 'https://example.com:4321/bar' )
1613+
15931614 def test_manual_redirect_with_partial_body_read (self , httpbin ):
15941615 s = requests .Session ()
15951616 r1 = s .get (httpbin ('redirect/2' ), allow_redirects = False , stream = True )
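Review bot: test_should_strip_auth_port_change does not isolate a port change, because its URLs go from `http://example.com:1234/foo` to `https://example.com:4321/bar` and so change the scheme as well. The non-standard-port assertions in test_should_strip_auth_https_upgrade already cover that combination, so an implementation that never compares ports on a same-scheme redirect would still pass every test added here. A same-scheme case such as `assert s.should_strip_auth('http://example.com:1234/foo', 'http://example.com:4321/bar')` would pin that the Authorization header is dropped when only the port differs. It would also be worth stating the intended result for an explicit default port on an unchanged scheme (`http://example.com/foo` to `http://example.com:80/bar`), which none of the new tests cover. The should_strip_auth implementation is not visible in this section, so its current behaviour for either case cannot be confirmed from here.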