-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get coverage back to 100% #1726
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1726 +/- ##
=========================================
+ Coverage 99.7% 100% +0.29%
=========================================
Files 22 22
Lines 2003 1976 -27
=========================================
- Hits 1997 1976 -21
+ Misses 6 0 -6
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few questions!
@@ -251,40 +251,6 @@ def __init__( | |||
# HTTPS requests to go out as HTTP. (See Issue #356) | |||
self._protocol = "https" | |||
|
|||
def connect(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We probably shouldn't remove this, what happens if a user has an unverified HTTPS connection, is this class used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, it's not used, unverified connections go through VerifiedHTTPSConnection.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, huh. I wonder what the impact of nuking the class and rebinding the name would do to downstream. 🤷♂️
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think anybody is using this class: connect() referenced variables that don't exist, so could not work. An additional wrinkle here is the bottom of the file:
if ssl:
# Make a copy for testing.
UnverifiedHTTPSConnection = HTTPSConnection
HTTPSConnection = VerifiedHTTPSConnection
So one option is to merge VerifiedHTTPSConnection into HTTPSConnection, and add UnverifiedHTTPSConnection = HTTPSConnection
at the end of the file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sethmlarson I opened #1730 to unblock this pull request and talk about our options here, including the upstream impact.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@zogzog Sorry for causing an issue. I've edited your above comment as I read it as sarcastic which isn't constructive. Hope you agree with my edit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aurélien, je comprends ta colère, je sais ce que c'est de tomber sur un commit quelque part sur GitHub qui casse ton code. Je te présente d'ailleurs mes excuses. Maintenant que ça c'est dit, on apprécierait des interventions plus courtoises !
Indeed I had to add [...] 6 months ago because someone removed them or something
We would have appreciated a heads-up at this point! This would have avoided the whole issue.
I'd be happy to accept a pull request that restores a working and covered connect().
People should really understand that, even though it is generally considered a bad thing and should be discouraged, there is a need for unverified https connections that don't spit warnings on the console.
Can you use our fingerprinting feature if the certificate does not change too often?
Is silencing the warning an option?
By the way, it looks like the TLS certificate of https://pythonian.fr/ is currently expired.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I mean, why don't you just silence the warning? Isn't this working for you?
import urllib3
urllib3.disable_warnings(urllib3.exceptions.SecurityWarning)
http = urllib3.PoolManager(cert_reqs="CERT_NONE")
r = http.request("GET", "https://pythonian.fr/webfiles/css.css")
print(r.status)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, for what it's worth, here are the thoughts of Seth on verifying HTTPS: https://sethmlarson.dev/blog/2019-11-26/designing-for-real-world-https. I happen to fully agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's also this method (using certificate pinning as mentioned above) that doesn't require you to disable security warnings. :)
http = urllib3.PoolManager(
cert_reqs="CERT_NONE",
assert_fingerprint="e677022f45ad8ecfc7a66dbb8d57e9c7b01a52c9f880ecb104af6ee67ee9f18a"
)
resp = http.request("GET", "https://pythonian.fr/webfiles/css.css")
Just remember this PoolManager will only work for the one website. Might be worth even using a ConnectionPool instead.
This is ready for another round of review! |
af15fe6
to
16ef500
Compare
16ef500
to
c587125
Compare
test_preserve_chunked_on_retry is a test that I recently added and it failed again. It was retried due to our flaky integration, but we got two different exceptions, both unexpected. The test is definitely not reliable on Windows, and I decided to change tactics to test this code path: an explicit Retry-After header. Opened #1743 for this. |
They always return False in our case, but at least we test that they exist and don't crash.
Indeed, the only _encode_target only calls it if the url starts with a slash.
Unverified connections also go through VerifiedHTTPSConnection.
c587125
to
011d857
Compare
I'd like to release 1.25.7 before making large changes, will return to it after the release has been made. :) |
Works for me 👍 |
@sethmlarson Is there anything I can do here? I understand that it's frightening, but I'm only removing code that was already broken anyway. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems fine, if all downstream test suites are passing I've got a feeling we'll be okay.
Thanks! |
This means we should probably refactor the connection classes, but that would change the public API and I think it should be discussed in another pull request.