Consider disallowign redirects or disabling HTTP 301 #85
Description
There is a surprising but expected behavior when eg setting a base URL without HTTPS.
import logging
from picterra import APIClient
from http.client import HTTPConnection
HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True
client = APIClient()
client.create_detector('42')
Output of running this:
(venv) picterra-python (master) $ python test.py
INFO:root:Using base_url=http://app.picterra.ch/public/api/v2/; 3 max retries, 10 backoff and 30 timeout.
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): [app.picterra.ch:80](http://app.picterra.ch/)
send: b'POST /public/api/v2/detectors/ HTTP/1.1\r\nHost: [app.picterra.ch](http://app.picterra.ch/)\r\nUser-Agent: picterra-python python-requests/2.26.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-Api-Key: XXXXXXX\r\nContent-Length: 109\r\nContent-Type: application/json\r\n\r\n'
send: b'{"configuration": {"detection_type": "count", "output_type": "polygon", "training_steps": 500}, "name": "42"}'
reply: '**HTTP/1.1 301 Moved Permanently**\r\n'
header: Server: nginx
header: Date: Tue, 16 May 2023 05:54:34 GMT
header: Content-Type: text/html
header: Content-Length: 162
header: Location: https://app.picterra.ch/public/api/v2/detectors/
header: X-Frame-Options: SAMEORIGIN
header: Via: 1.1 google
DEBUG:urllib3.connectionpool:[http://app.picterra.ch:80](http://app.picterra.ch/) "POST /public/api/v2/detectors/ HTTP/1.1" 301 162
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): [app.picterra.ch:443](http://app.picterra.ch:443/)
send: b'GET /public/api/v2/detectors/ HTTP/1.1\r\nHost: [app.picterra.ch](http://app.picterra.ch/)\r\nUser-Agent: picterra-python python-requests/2.26.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-Api-Key: XXXXXX\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx
header: Date: Tue, 16 May 2023 05:54:35 GMT
header: Content-Type: application/json
header: Vary: Accept-Encoding
header: Allow: GET, POST, HEAD, OPTIONS
header: X-Picterra-Build-Version: 07d91c77e4d9aade4abec7de2a2d597d7b402c09
header: X-Frame-Options: DENY
header: Vary: Origin
header: X-Content-Type-Options: nosniff
header: Referrer-Policy: strict-origin-when-cross-origin
header: Cross-Origin-Opener-Policy: same-origin-allow-popups
header: X-Frame-Options: SAMEORIGIN
header: Content-Encoding: gzip
header: Via: 1.1 google
header: Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
header: Transfer-Encoding: chunked
DEBUG:urllib3.connectionpool:[https://app.picterra.ch:443](https://app.picterra.ch/) "GET /public/api/v2/detectors/ HTTP/1.1" 200 None
Traceback (most recent call last):
File "/home/julien/picterra/picterra-python/test.py", line 14, in <module>
client.create_detector('42')
File "/home/julien/picterra/picterra-python/venv/lib/python3.10/site-packages/picterra/client.py", line 523, in create_detector
raise APIError(resp.text)
picterra.client.APIError: {"count":373,"next":"http://app.picterra.ch/public/api/v2/detectors/?page_number=2","previous":null,"results":[{"id":"ce0772b9-a3e1-4908-b5b3-e9e2b1a0543f","name":"Construction Monitoring","is_runnable":false,"classes":[{"name":"class0","id":"ca8a7167-c564-45b2-93f8-ea74b5ec5607"}],"configuration":{"detection_type":"count","output_type":"polygon","training_steps":500,"backbone":"resnet34","tile_size":256,"background_sample_ratio":0.25}},{"id":"218aa9a7-0449-4686-9cf1-d0fa088c84d8","name":"Use case 1 - Utility monitoring","is_runnable":false,"classes":[{"name":"class0","id":"74314824-44fa-4f92-8212-7ba8c728328b"}],"configuration":{"detection_type":"se
So it's doing an initial POST, but then correctly getting a 301 redirect to the https URL (which is what we want).
Searching request github, I found this which seems to indicate this is what browser do (a 301 to a POST results in a GET to the new URL): psf/requests#5284, and HTTP clients follows.
SO thing we can do:
- Idisable 301 handling in our client library (throw an error instead)Or checking if we can disable redirects.
- Anothe thing to consider additionally is to check the regex of the base URL when not on local.
Metadata
Metadata
Assignees
Labels
No labels