Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headers that are subclass of str/byte are not accepted #6232

Closed
CarliJoy opened this issue Sep 6, 2022 · 2 comments
Closed

Headers that are subclass of str/byte are not accepted #6232

CarliJoy opened this issue Sep 6, 2022 · 2 comments

Comments

@CarliJoy
Copy link

CarliJoy commented Sep 6, 2022

Requests does not accept headers that are subclasses of string or byte.
They are required i.e. to obfuscate secrets in certain environments, so this is also a security related issue.

The issue was introduced by e36f345 at June this year by @nateprewitt

A possible fix is given in this PR #6230

Expected Result

Headers are used as they are string/byte.

Actual Result

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/tmp/venv/lib64/python3.10/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "/tmp/venv/lib64/python3.10/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/tmp/venv/lib64/python3.10/site-packages/requests/sessions.py", line 573, in request
    prep = self.prepare_request(req)
  File "/tmp/venv/lib64/python3.10/site-packages/requests/sessions.py", line 484, in prepare_request
    p.prepare(
  File "/tmp/venv/lib64/python3.10/site-packages/requests/models.py", line 369, in prepare
    self.prepare_headers(headers)
  File "/tmp/venv/lib64/python3.10/site-packages/requests/models.py", line 491, in prepare_headers
    check_header_validity(header)
  File "/tmp/venv/lib64/python3.10/site-packages/requests/utils.py", line 1037, in check_header_validity
    raise InvalidHeader(
requests.exceptions.InvalidHeader: Header part (Hidden) from {'token': Hidden} must be of type str or bytes, not <class '__main__.Secret'>

Reproduction Steps

import requests

class Secret(str):
    def __repr__(self):
        return "Hidden"

requests.get("https://google.com", headers={"token": Secret("Confidential")})

System Information

$ python -m requests.help

{
  "chardet": {
    "version": null
  },
  "charset_normalizer": {
    "version": "2.1.1"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "3.3"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.10.6"
  },
  "platform": {
    "release": "5.19.6-100.fc35.x86_64",
    "system": "Linux"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.28.1"
  },
  "system_ssl": {
    "version": "1010111f"
  },
  "urllib3": {
    "version": "1.26.12"
  },
  "using_charset_normalizer": true,
  "using_pyopenssl": false
}
@nateprewitt
Copy link
Member

Hi @CarliJoy, please check other open issues before opening new ones. I'll resolve this as a duplicate of #6159.

@CarliJoy
Copy link
Author

CarliJoy commented Sep 6, 2022

Hi @nateprewitt and Sorry. Indeed I forgot to that. Sorry for the extra work.

@CarliJoy CarliJoy mentioned this issue Sep 6, 2022
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nateprewitt @CarliJoy