Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider disallowign redirects or disabling HTTP 301 #85

Open
ao-picterra opened this issue May 16, 2023 · 0 comments
Open

Consider disallowign redirects or disabling HTTP 301 #85

ao-picterra opened this issue May 16, 2023 · 0 comments
Assignees
@restaste

Comments

@ao-picterra
Copy link
Collaborator

There is a surprising but expected behavior when eg setting a base URL without HTTPS.

import logging
from picterra import APIClient
from http.client import HTTPConnection
HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True

client = APIClient()
client.create_detector('42')

Output of running this:

(venv) picterra-python (master) $ python test.py 
INFO:root:Using base_url=http://app.picterra.ch/public/api/v2/; 3 max retries, 10 backoff and 30 timeout.
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): [app.picterra.ch:80](http://app.picterra.ch/)
send: b'POST /public/api/v2/detectors/ HTTP/1.1\r\nHost: [app.picterra.ch](http://app.picterra.ch/)\r\nUser-Agent: picterra-python python-requests/2.26.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-Api-Key: XXXXXXX\r\nContent-Length: 109\r\nContent-Type: application/json\r\n\r\n'
send: b'{"configuration": {"detection_type": "count", "output_type": "polygon", "training_steps": 500}, "name": "42"}'
reply: '**HTTP/1.1 301 Moved Permanently**\r\n'
header: Server: nginx
header: Date: Tue, 16 May 2023 05:54:34 GMT
header: Content-Type: text/html
header: Content-Length: 162
header: Location: https://app.picterra.ch/public/api/v2/detectors/
header: X-Frame-Options: SAMEORIGIN
header: Via: 1.1 google
DEBUG:urllib3.connectionpool:[http://app.picterra.ch:80](http://app.picterra.ch/) "POST /public/api/v2/detectors/ HTTP/1.1" 301 162
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): [app.picterra.ch:443](http://app.picterra.ch:443/)
send: b'GET /public/api/v2/detectors/ HTTP/1.1\r\nHost: [app.picterra.ch](http://app.picterra.ch/)\r\nUser-Agent: picterra-python python-requests/2.26.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-Api-Key: XXXXXX\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx
header: Date: Tue, 16 May 2023 05:54:35 GMT
header: Content-Type: application/json
header: Vary: Accept-Encoding
header: Allow: GET, POST, HEAD, OPTIONS
header: X-Picterra-Build-Version: 07d91c77e4d9aade4abec7de2a2d597d7b402c09
header: X-Frame-Options: DENY
header: Vary: Origin
header: X-Content-Type-Options: nosniff
header: Referrer-Policy: strict-origin-when-cross-origin
header: Cross-Origin-Opener-Policy: same-origin-allow-popups
header: X-Frame-Options: SAMEORIGIN
header: Content-Encoding: gzip
header: Via: 1.1 google
header: Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
header: Transfer-Encoding: chunked
DEBUG:urllib3.connectionpool:[https://app.picterra.ch:443](https://app.picterra.ch/) "GET /public/api/v2/detectors/ HTTP/1.1" 200 None
Traceback (most recent call last):
  File "/home/julien/picterra/picterra-python/test.py", line 14, in <module>
    client.create_detector('42')
  File "/home/julien/picterra/picterra-python/venv/lib/python3.10/site-packages/picterra/client.py", line 523, in create_detector
    raise APIError(resp.text)
picterra.client.APIError: {"count":373,"next":"http://app.picterra.ch/public/api/v2/detectors/?page_number=2","previous":null,"results":[{"id":"ce0772b9-a3e1-4908-b5b3-e9e2b1a0543f","name":"Construction Monitoring","is_runnable":false,"classes":[{"name":"class0","id":"ca8a7167-c564-45b2-93f8-ea74b5ec5607"}],"configuration":{"detection_type":"count","output_type":"polygon","training_steps":500,"backbone":"resnet34","tile_size":256,"background_sample_ratio":0.25}},{"id":"218aa9a7-0449-4686-9cf1-d0fa088c84d8","name":"Use case 1 - Utility monitoring","is_runnable":false,"classes":[{"name":"class0","id":"74314824-44fa-4f92-8212-7ba8c728328b"}],"configuration":{"detection_type":"se

So it's doing an initial POST, but then correctly getting a 301 redirect to the https URL (which is what we want).

Searching request github, I found this which seems to indicate this is what browser do (a 301 to a POST results in a GET to the new URL): psf/requests#5284, and HTTP clients follows.

SO thing we can do:

  • Idisable 301 handling in our client library (throw an error instead)Or checking if we can disable redirects.
  • Anothe thing to consider additionally is to check the regex of the base URL when not on local.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@restaste restaste

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@restaste @ao-picterra