File CVE-2024-37891.patch of Package python-urllib3.34893

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-37891.patch of Package python-urllib3.34893

Index: urllib3-1.25.10/src/urllib3/util/retry.py
===================================================================
--- urllib3-1.25.10.orig/src/urllib3/util/retry.py
+++ urllib3-1.25.10/src/urllib3/util/retry.py
@@ -154,7 +154,9 @@ class Retry(object):
 
     RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
 
-    DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(["Cookie", "Authorization"])
+    DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(
+        ["Cookie", "Authorization", "Proxy-Authorization"]
+    )
 
     #: Maximum backoff time.
     BACKOFF_MAX = 120
Index: urllib3-1.25.10/test/test_retry.py
===================================================================
--- urllib3-1.25.10.orig/test/test_retry.py
+++ urllib3-1.25.10/test/test_retry.py
@@ -270,7 +270,11 @@ class TestRetry(object):
     def test_retry_default_remove_headers_on_redirect(self):
         retry = Retry()
 
-        assert list(retry.remove_headers_on_redirect) == ["authorization", "cookie"]
+        assert list(retry.remove_headers_on_redirect) == [
+            "authorization",
+            "proxy-authorization",
+            "cookie",
+        ]
 
     def test_retry_set_remove_headers_on_redirect(self):
         retry = Retry(remove_headers_on_redirect=["X-API-Secret"])

Places

File CVE-2024-37891.patch of Package python-urllib3.34893

Places