aiohttp 3.8.0 wrong value of Request.rel_url.raw_path #6227

ech0-py · 2021-11-02T16:37:47Z

Describe the bug

Wrong value of Request.rel_url.raw_path when request was made with url in absolute form

To Reproduce

Make a simple server app with logging hook

from aiohttp import web


async def log(request, response):
    print('rel_url:', request.rel_url)
    print('raw_path:', request.rel_url.raw_path)


async def hello(request):
    return web.Response(text="Hello, world")


app = web.Application()
app.add_routes([web.get('/test', hello)])
app.on_response_prepare.append(log)
web.run_app(app, host='127.0.0.1', port=3322)

Make a request using relative form of url:
echo -e "GET /test HTTP/1.1\r\n\r\n" | nc -N 127.0.0.1 3322
Make a request using absolute form of url:
echo -e "GET http://aaa.com/test HTTP/1.1\r\n\r\n" | nc -N 127.0.0.1 3322

Expected behavior

Server logs the "raw_path" as /test in both cases

Logs/tracebacks

aiohttp==3.8.0

rel_url: /test
raw_path: /test

rel_url: http://abc.com/test
raw_path: http://abc.com/test

aiohttp==3.7.4

rel_url: /test
raw_path: /test

rel_url: http://abc.com/test
raw_path: /test

Python Version

Python 3.8.7

aiohttp Version

aiohttp==3.8.0

multidict Version

multidict==5.2.0

yarl Version

yarl==1.7.2

OS

Ubuntu 18.04

Related component

Server

Additional context

No response

Code of Conduct

I agree to follow the aio-libs Code of Conduct

The text was updated successfully, but these errors were encountered:

asvetlov · 2021-11-03T12:44:14Z

Good point.
I'm curious what client makes requests in absolute form?

ech0-py · 2021-11-03T13:26:59Z

Reverse proxies like nginx or haproxy have such option at least when redirecting response to a backend server (not enabled by default, though)

Bumps [aiohttp[speedups]](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp[speedups]'s releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp[speedups]'s changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp[speedups]&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.4 to 3.8.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>3.8.4</h2> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>)</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7180">#7180</a>)</li> </ul> <hr /> <h2>3.8.3</h2> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6950">#6950</a>)</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <p>.. note::</p> <p>This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.</p> <p>.. caution::</p> <p>This release has been yanked from PyPI. Modern pip will not pick it up automatically. The reason is that is has <code>multidict < 6</code> set in the distribution package metadata (see :pr:<code>6950</code>). Please, use <code>aiohttp ~= 3.8.3, != 3.8.1</code> instead, if you can.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.8.4 (2023-02-12)</h1> <h2>Bugfixes</h2> <ul> <li>Fixed incorrectly overwriting cookies with the same name and domain, but different path. <code>[#6638](aio-libs/aiohttp#6638) <https://github.com/aio-libs/aiohttp/issues/6638></code>_</li> <li>Fixed <code>ConnectionResetError</code> not being raised after client disconnection in SSL environments. <code>[#7180](aio-libs/aiohttp#7180) <https://github.com/aio-libs/aiohttp/issues/7180></code>_</li> </ul> <hr /> <h1>3.8.3 (2022-09-21)</h1> <p>.. attention::</p> <p>This is the last :doc:<code>aiohttp <index></code> release tested under Python 3.6. The 3.9 stream is dropping it from the CI and the distribution package metadata.</p> <h2>Bugfixes</h2> <ul> <li> <p>Increased the upper boundary of the :doc:<code>multidict:index</code> dependency to allow for the version 6 -- by :user:<code>hugovk</code>.</p> <p>It used to be limited below version 7 in :doc:<code>aiohttp <index></code> v3.8.1 but was lowered in v3.8.2 via :pr:<code>6550</code> and never brought back, causing problems with dependency pins when upgrading. :doc:<code>aiohttp <index></code> v3.8.3 fixes that by recovering the original boundary of <code>< 7</code>. <code>[#6950](aio-libs/aiohttp#6950) <https://github.com/aio-libs/aiohttp/issues/6950></code>_</p> </li> </ul> <hr /> <h1>3.8.2 (2022-09-20, subsequently yanked on 2022-09-21)</h1> <h2>Bugfixes</h2> <ul> <li>Support registering OPTIONS HTTP method handlers via RouteTableDef. <code>[#4663](aio-libs/aiohttp#4663) <https://github.com/aio-libs/aiohttp/issues/4663></code>_</li> <li>Started supporting <code>authority-form</code> and <code>absolute-form</code> URLs on the server-side. <code>[#6227](aio-libs/aiohttp#6227) <https://github.com/aio-libs/aiohttp/issues/6227></code>_</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/33953f110e97eecc707e1402daa8d543f38a189b"><code>33953f1</code></a> Release v3.8.4 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7207">#7207</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/28854a4743cb367351397bd0a8b38469f28f369a"><code>28854a4</code></a> Fix ConnectionResetError not being raised when the transport is close… (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7199">#7199</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/565cc2132a4c3667e0601f055cff913526226352"><code>565cc21</code></a> Raise upper bound of charset-normalizer</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ba573e267c0601e97b7caafb7ac9ad4ec7c7d52d"><code>ba573e2</code></a> [3.8] Fix CI (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7143">#7143</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7200">#7200</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/9cde3b47e10b04b9db3bf86611d01132d852c0c7"><code>9cde3b4</code></a> Update .pre-commit-config.yaml</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/ed04b4da2e0fbb504728064335fc0cdcd52773c6"><code>ed04b4d</code></a> [PR <a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7154">#7154</a>/283861dd backport][3.8] fixed error in ContentDisposition doc (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/7155">#7155</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/8cf01adc8c8dbf706e4cd33bf89fd5195f638715"><code>8cf01ad</code></a> [3.8] Fix cookie handling (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6638">#6638</a>) (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/6974">#6974</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6d4ec02dcbfaa849aa6756dec9f2314bf8665ff5"><code>6d4ec02</code></a> Merge branch 'release/v3.8.3' into 3.8</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/e4bce667f6bef14d34cfc32276cfdaf95de4c033"><code>e4bce66</code></a> Bump the hardcoded version to v3.8.3.post0.dev0</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/0f8d39ff7bacfef6e4dad00e1b20895cd50b8396"><code>0f8d39f</code></a> Revert "Stop including an empty changelog draft in Sphinx"</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.4...v3.8.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aiohttp&package-manager=pip&previous-version=3.7.4&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ech0-py added the bug label Nov 2, 2021

asvetlov self-assigned this Nov 3, 2021

garibarba mentioned this issue Dec 5, 2021

S3 error : Unable to locate credentials fsspec/s3fs#558

Closed

This was referenced Dec 7, 2021

Misc/app configure timeout ceil threshold #6316

Merged

Support absolute-form and authority-form URLs by web server #6409

Merged

asvetlov closed this as completed in #6409 Dec 13, 2021

dabio mentioned this issue Sep 22, 2022

Bump aiohttp from 3.8.1 to 3.8.3 dabio/rafi#118

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aiohttp 3.8.0 wrong value of Request.rel_url.raw_path #6227

aiohttp 3.8.0 wrong value of Request.rel_url.raw_path #6227

ech0-py commented Nov 2, 2021 •

edited

Loading

asvetlov commented Nov 3, 2021

ech0-py commented Nov 3, 2021

aiohttp 3.8.0 wrong value of Request.rel_url.raw_path #6227

aiohttp 3.8.0 wrong value of Request.rel_url.raw_path #6227

Comments

ech0-py commented Nov 2, 2021 • edited Loading

Describe the bug

To Reproduce

Expected behavior

Logs/tracebacks

Python Version

aiohttp Version

multidict Version

yarl Version

OS

Related component

Additional context

Code of Conduct

asvetlov commented Nov 3, 2021

ech0-py commented Nov 3, 2021

ech0-py commented Nov 2, 2021 •

edited

Loading