Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[requests.Session] lost headers when meet 301/302/307 redirect
See original GitHub issueSummary.
Request by using [requests.Session]. If set session headers. Headers will lost When met 301/302/307 redirect.
Expected Result
My custom header should in [resp.request.headers]
{ 'Content-Type': 'application/json;charset=UTF-8' }
Actual Result
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): bing.com:80
DEBUG:urllib3.connectionpool:http://bing.com:80 "GET / HTTP/1.1" 301 0
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): cn.bing.com:80
DEBUG:urllib3.connectionpool:http://cn.bing.com:80 "GET / HTTP/1.1" 200 46302
{'User-Agent': 'python-requests/2.21.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive'
{ ‘Content-Type’: ‘application/json;charset=UTF-8’ } not in [resp.request.headers].
Reproduction Steps
import logging
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True
import requests
ss = requests.Session()
ss.headers.update({
'Content-Type': 'application/json;charset=UTF-8'
})
resp = ss.get('http://bing.com')
print(resp.request.headers)
System Information
$ python -m requests.help
{
"chardet": {
"version": "3.0.4"
},
"cryptography": {
"version": "2.6.1"
},
"idna": {
"version": "2.8"
},
"implementation": {
"name": "CPython",
"version": "3.7.3"
},
"platform": {
"release": "5.3.0-59-generic",
"system": "Linux"
},
"pyOpenSSL": {
"openssl_version": "1010102f",
"version": "19.0.0"
},
"requests": {
"version": "2.21.0"
},
"system_ssl": {
"version": "1010102f"
},
"urllib3": {
"version": "1.24.3"
},
"using_pyopenssl": true
}
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Remove header in middle of redirection · Issue #3490 - GitHub
Second request (first redirect) show in Chrome's dev inspector: ... [requests.Session] lost headers when meet 301/302/307 redirect #5513.
Read more >Python requests session cannot store response cookie from ...
In Chrome login.aspx correctly gives a set-cookie response header and then a 302 redirect to anotherpage.aspx. In requests I am simply not ...
Read more >Caching overview | Cloud CDN - Google Cloud
Request attributes that aren't part of the cache key, such as the User-Agent or Accept-Encoding header, only reflect the leader of the collapsed...
Read more >Source code for requests.sessions
Returns a redirect URI or ``None``""" # Due to the nature of how requests processes redirects ... It is more likely to get...
Read more >What's the difference between 302 and 307 http redirects ...
302 code tells user that location of the requested resource has been temporarily changed, and this status code has to contain information about...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hello,
Why would you set the Content-Type header for the GET request? As far as I know it’s generally recommended not to set Content-Type by hand, even when used correctly with POST or PUT methods. Requests will automatically generate the right value if it’s not explicitly set.
Anyway, stripping of Content-Type header was added in this issue #3490 to prevent a bug.
I’m going to resolve this since sigmavirus24 has included the relevant links. Removal of headers with potentially sensitive information are removed before redirect to prevent credentials and other secrets from being leaked.