Open shelld3v opened 3 days ago
Related to #5289, where akmalhisyam found a way to bypass URL normalization using PreparedRequests, however, the solution doesn't work when you have proxies provided.
This should be able to explicitly set the request URL without getting normalized (from /../something.txt to /something.txt)
/../something.txt
/something.txt
url = "http://example.com/../something.txt" s = requests.Session() req = requests.Request(method='POST' ,url=url, headers=headers, data=data) prep = req.prepare() prep.url = url r = s.send(prep, proxies={"http": "http://127.0.0.1"}, verify=False)
The code above doesn't work, this one works though:
url = "http://example.com/../something.txt" s = requests.Session() req = requests.Request(method='POST' ,url=url, headers=headers, data=data) prep = req.prepare() prep.url = url r = s.send(prep, verify=False)
Use the code in Expected Result and check your proxy request log, you will see it doesn't work
$ python -m requests.help
{ "chardet": { "version": "5.2.0" }, "charset_normalizer": { "version": "2.0.12" }, "cryptography": { "version": "38.0.4" }, "idna": { "version": "3.4" }, "implementation": { "name": "CPython", "version": "3.11.4" }, "platform": { "release": "4.4.0-19041-Microsoft", "system": "Linux" }, "pyOpenSSL": { "openssl_version": "30000080", "version": "21.0.0" }, "requests": { "version": "2.32.3" }, "system_ssl": { "version": "30000030" }, "urllib3": { "version": "2.0.4" }, "using_charset_normalizer": false, "using_pyopenssl": true }
Related to #5289, where akmalhisyam found a way to bypass URL normalization using PreparedRequests, however, the solution doesn't work when you have proxies provided.
Expected Result
This should be able to explicitly set the request URL without getting normalized (from
/../something.txtto/something.txt)Actual Result
The code above doesn't work, this one works though:
Reproduction Steps
Use the code in Expected Result and check your proxy request log, you will see it doesn't work
System Information