Allow override of Authorization header in request

[migurski]

I have encountered a situation similar to #927.

I am creating a new request with an explicit Authorization header, e.g.

posted = post('…', headers={'Authorization': '…'}, data=…)

Requests is finding and using an entry from a .netrc file I didn’t know existed; it appears to have been generated by the Heroku toolbelt. This overrides the Authorization header supplied in the headers dictionary.

Can the default behavior instead allow environmental factors to be overridden?

Also, can requests make this behavior in some way easier to discover? I am unable to find a way to retrieve the request headers actually sent; they would have provided a valuable clue about the mystery username & password.

[Lukasa]

Both of these problems in this case have solutions. To avoid using .netrc, use a Session and set Session.trust_env to False. To see what headers were sent by requests (noting that the lower layers may add more), check response.request.headers.

[sigmavirus24]

This is a duplicate of #2062 and as such, I'm closing this

[migurski]

Thanks. @Lukasa, can response.request be added to the Response documentation?

[Lukasa]

@migurski Good idea, and done. See #2069.