Added a warning when stripping authentication from requests on a redirect #5375
Conversation
|
Does the PR need another review? |
|
Can we make progress with this? 🙂 @yanz-androidify |
|
Great PR, lost an hour today trying to understand why my service was broken after moved to OpenShift (it internally redirected requests). This warning could have helped me a lot. |
|
This PR would come really handy @yanz-androidify @kmaork why does it still say that the merging is blocked? How can we get someone with write access to review and approve this PR? It's waiting since May. |
|
I've lost a good 2 hours trying to find out what's wrong when I was playing around with PyGithub, which is using requests under the hood. @nateprewitt, could you please take a look and provide some feedback? It would be great if requests could be a bit more helpful in such scenarios. |
|
Please add this. The current behavior is annoyingly implicit! |
|
Hey @nateprewitt , @sigmavirus24 , @sethmlarson - this PR was approved ages ago by @yanz-androidify but seems to have been forgotten since. Any chance of it getting reviewed? |
|
@kmaork I don't see an approval from that account nor are they a maintainer (nor does that account seem to exist any longer). As it stands, yes this can be annoyingly secure and hidden from the user but this usage of warnings is inappropriate for the solution. It's not the right mechanism and it will result in more issues generated here than users helped. |
Hello!
After seeing this question, I thought a warning should be added when authentication is stripped from redirected requests, in order to save users a significant amount of debugging time.
Apparently the matter has already been discussed in this issue, and it has been agreed upon that some message should be passed to the user, like a debug log or a warning. But requests still does not use logs, and it seems people are still confused by this.
Maybe it is time to add a warning?