From 81c7ff7f8db09b5d609a09722785f70ec6f7af68 Mon Sep 17 00:00:00 2001
From: David Lord
Date: Fri, 25 Mar 2022 11:48:26 -0700
Subject: [PATCH] update tests for relative redirects
---
 CHANGES.rst | 3 +++
 docs/tutorial/tests.rst | 8 ++++----
 examples/tutorial/tests/test_auth.py | 4 ++--
 examples/tutorial/tests/test_blog.py | 4 ++--
 src/flask/wrappers.py | 2 ++
 tests/test_regression.py | 8 +++++++-
 6 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index ec3009a3f6..e471d6a8a6 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -52,6 +52,9 @@ Unreleased
 :issue:`4095, 4295, 4297`
 - Fix typing for ``__exit__`` methods for better compatibility with
 ``ExitStack``. :issue:`4474`
+- From Werkzeug, for redirect responses the ``Location`` header URL
+ will remain relative, and exclude the scheme and domain, by default.
+ :pr:`4496`
 Version 2.0.3
diff --git a/docs/tutorial/tests.rst b/docs/tutorial/tests.rst
index f97d19dfb1..cb60790cf5 100644
--- a/docs/tutorial/tests.rst
+++ b/docs/tutorial/tests.rst
@@ -266,7 +266,7 @@ messages.
 response = client.post(
 '/auth/register', data={'username': 'a', 'password': 'a'}
 )
- assert 'http://localhost/auth/login' == response.headers['Location']
+ assert response.headers["Location"] == "/auth/login"
 with app.app_context():
 assert get_db().execute(
@@ -319,7 +319,7 @@ The tests for the ``login`` view are very similar to those for
 def test_login(client, auth):
 assert client.get('/auth/login').status_code == 200
 response = auth.login()
- assert response.headers['Location'] == 'http://localhost/'
+ assert response.headers["Location"] == "/"
 with client:
 client.get('/')
@@ -404,7 +404,7 @@ is returned. If a ``post`` with the given ``id`` doesn't exist,
 ))
 def test_login_required(client, path):
 response = client.post(path)
- assert response.headers['Location'] == 'http://localhost/auth/login'
+ assert response.headers["Location"] == "/auth/login"
 def test_author_required(app, client, auth):
@@ -479,7 +479,7 @@ no longer exist in the database.
 def test_delete(client, auth, app):
 auth.login()
 response = client.post('/1/delete')
- assert response.headers['Location'] == 'http://localhost/'
+ assert response.headers["Location"] == "/"
 with app.app_context():
 db = get_db()
diff --git a/examples/tutorial/tests/test_auth.py b/examples/tutorial/tests/test_auth.py
index 0bc0a9dbec..76db62f79d 100644
--- a/examples/tutorial/tests/test_auth.py
+++ b/examples/tutorial/tests/test_auth.py
@@ -11,7 +11,7 @@ def test_register(client, app):
 # test that successful registration redirects to the login page
 response = client.post("/auth/register", data={"username": "a", "password": "a"})
- assert "http://localhost/auth/login" == response.headers["Location"]
+ assert response.headers["Location"] == "/auth/login"
 # test that the user was inserted into the database
 with app.app_context():
@@ -42,7 +42,7 @@ def test_login(client, auth):
 # test that successful login redirects to the index page
 response = auth.login()
- assert response.headers["Location"] == "http://localhost/"
+ assert response.headers["Location"] == "/"
 # login request set the user_id in the session
 # check that the user is loaded from the session
diff --git a/examples/tutorial/tests/test_blog.py b/examples/tutorial/tests/test_blog.py
index 91859686ca..55c769d817 100644
--- a/examples/tutorial/tests/test_blog.py
+++ b/examples/tutorial/tests/test_blog.py
@@ -19,7 +19,7 @@ def test_index(client, auth):
 @pytest.mark.parametrize("path", ("/create", "/1/update", "/1/delete"))
 def test_login_required(client, path):
 response = client.post(path)
- assert response.headers["Location"] == "http://localhost/auth/login"
+ assert response.headers["Location"] == "/auth/login"
 def test_author_required(app, client, auth):
@@ -75,7 +75,7 @@ def test_create_update_validate(client, auth, path):
 def test_delete(client, auth, app):
 auth.login()
 response = client.post("/1/delete")
- assert response.headers["Location"] == "http://localhost/"
+ assert response.headers["Location"] == "/"
 with app.app_context():
 db = get_db()
diff --git a/src/flask/wrappers.py b/src/flask/wrappers.py
index 9a1611c44a..bf31fc5604 100644
--- a/src/flask/wrappers.py
+++ b/src/flask/wrappers.py
@@ -155,6 +155,8 @@ class Response(ResponseBase):
 json_module = json
+ autocorrect_location_header = False
+
 @property
 def max_cookie_size(self) -> int: # type: ignore
 """Read-only view of the :data:`MAX_COOKIE_SIZE` config key.
diff --git a/tests/test_regression.py b/tests/test_regression.py
index 63c8fa9107..0ddcf972d2 100644
--- a/tests/test_regression.py
+++ b/tests/test_regression.py
@@ -19,6 +19,12 @@ def test():
 with app.test_client() as c:
 rv = c.get("/")
- assert rv.headers["Location"] == "http://localhost/test"
+ location_parts = rv.headers["Location"].rpartition("/")
+
+ if location_parts[0]:
+ # For older Werkzeug that used absolute redirects.
+ assert location_parts[0] == "http://localhost"
+
+ assert location_parts[2] == "test"
 rv = c.get("/test")
 assert rv.data == b"42"
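Review bot: In src/flask/wrappers.py the new class attribute `autocorrect_location_header = False` on `Response` has no comment or docstring, so a reader of the class cannot tell that this line is what keeps redirect `Location` values relative. I would add a short comment above it, for example `# Leave Location as given (relative); do not expand it to an absolute URL from the request's scheme and host.` Code that reads `Location` from these responses and expects a scheme and host, such as redirect-target validation or log parsing, will presumably see path-only values after this change, which deserves a sentence in the class documentation as well. The `Response` class starts and ends outside the hunk.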
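Review bot: The rewritten `Location` check in tests/test_regression.py is looser than the one it replaces: because the prefix assertion runs only when `location_parts[0]` is non-empty, a header of just `test` with no leading slash passes, and the test no longer pins which form the installed Werkzeug is expected to emit. Comparing the whole value against the two accepted strings is shorter and rejects everything else: `assert rv.headers["Location"] in {"/test", "http://localhost/test"}`. If the absolute form is only valid on older Werkzeug, a comment saying when that alternative can be dropped would help. The enclosing test function starts outside the hunk.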