Fix infinite redirect loop with FQDN trailing dot#7326
Closed
Fix infinite redirect loop with FQDN trailing dot#7326
Conversation
When making requests to a URL with a trailing dot FQDN (e.g. https://pyropus.ca./), the server redirects to the non-FQDN version (https://pyropus.ca/) but requests keeps requesting the FQDN form, causing an infinite redirect loop. The fix normalizes the host by stripping the trailing dot during URL preparation, following the behavior of browsers and curl which already do. This prevents infinite redirect loops and ensures consistent host comparison between original and redirect URLs. No trailing dot normalization also prevents the issue where host.startswith('.') incorrectly rejects all FQDNs - only host.startswith('.') should be rejected. Host='pyropus.ca.' was be correctly normalized. The netloc reconstruction preserves the stripped host for so the URL looks like: https://pyropus.ca/ instead of https://pyropus.ca./. Co Closes #7209
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When making a request to a URL with a trailing dot FQDN (e.g.
https://pyropus.ca./),requestsgets stuck in an infinite redirect loop, eventually raisingTooManyRedirects.The server redirects to the non-FQDN version (
https://pyropus.ca/), but the FQDN trailing dot in the Host header causes requests to see the same URL and loops infinitely.Browsers and curl normalize FQDNs by stripping the trailing dot.
Fix
Strip trailing dot from host during URL preparation in
prepare_url(). This ensures the Host header is sent without the trailing dot, preventing the redirect loop.Also fix overly strict validation that rejected all hosts starting with
.- only leading dots should be rejected ( not bare dots at the start of a label).Add a comment explaining the RFC 1035 context.
Testing
Before:
After
Closes #7209