httpx 1.1.2 → 1.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 118700ac0c350952382970ddb1ed33d74d954e1ddd6c2f82bb032cc24a3a5d22
-  data.tar.gz: 160644aeefb2ed61a8bda67b7896bbd2a4a4211cf9283ebe4e9a244ac237e780
+  metadata.gz: 88e35920c570a12032835c1c67c9ffde6119b0f5e26e357ba58dbe385e1483a5
+  data.tar.gz: e421a0532b92e6a1e689c1d907ef0b87d98e6589093d791ce9a905d475b0c638
 SHA512:
-  metadata.gz: 97d15923bd32a0378bcf54a147b37b308eda78a74f67f339467dd3130cffd0aab7dace5bb368dbf9f5a203f6bc73ea37db394e153107daaf3c81b389f269d849
-  data.tar.gz: 16e71f8eb94de6314a77b96620be5db341afa81f2fb026780bd467fa0aaa9aa3d395d3afca5f59ebbd3aae507b33c88d22a4c864e40bfa4b23031162a365bcb8
+  metadata.gz: e01adb8c3974497b091c72d8b9848dd02973c19924c910be4649f83c3430b579a6ea0889f0f27a348cabbddd6ed56cc1b682be0ae984b4dd0ef5dbf76543ba8e
+  data.tar.gz: 343ace24f2a3be6ce420b4c5f8fbe919ad84dabdc8f3b97bbafc3bda8466fef6dfa48a1985478fd7ec6056678818a60b9cfb158f4423569086f42d4c27c696f6

data/README.md

@@ -46,7 +46,7 @@ And that's the simplest one there is. But you can also do:
 HTTPX.post("http://example.com", form: { user: "john", password: "pass" })
 
 http = HTTPX.with(headers: { "x-my-name" => "joe" })
-http.patch(("http://example.com/file", body: File.open("path/to/file")) # request body is streamed
+http.patch("http://example.com/file", body: File.open("path/to/file")) # request body is streamed
 ```
 
 If you want to do some more things with the response, you can get an `HTTPX::Response`:
@@ -151,7 +151,7 @@ All Rubies greater or equal to 2.7, and always latest JRuby and Truffleruby.
 
 ## Versioning Policy
 
-Although 0.x software, `httpx` is considered API-stable and production-ready, i.e. current API or options may be subject to deprecation and emit log warnings, but can only effectively be removed in a major version change.
+`httpx` follows Semantic Versioning.
 
 ## Contributing
 

data/doc/release_notes/1_1_3.md

@@ -0,0 +1,18 @@
+# 1.1.2
+
+## improvements
+
+## security
+
+* when using `:follow_redirects` plugin, the "authorization" header will be removed when following redirect responses to a different origin.
+
+## bugfixes
+
+* fixed `:stream` plugin not following redirect responses when used with the `:follow_redirects` plugin.
+* fixed `:stream` plugin not doing content decoding when responses were p.ex. gzip-compressed.
+* fixed bug preventing usage of IPv6 loopback or link-local addresses in the request URL in systems with no IPv6 internet connectivity (the request was left hanging).
+* protect all code which may initiate a new connection from abrupt errors (such as internet turned off), as it was done on the initial request call.
+
+## chore
+
+internal usage of `mutex_m` has been removed (`mutex_m` is going to be deprecated in ruby 3.3).

data/lib/httpx/altsvc.rb

@@ -4,7 +4,7 @@ require "strscan"
 
 module HTTPX
   module AltSvc
-    @altsvc_mutex = Mutex.new
+    @altsvc_mutex = Thread::Mutex.new
     @altsvcs = Hash.new { |h, k| h[k] = [] }
 
     module_function

data/lib/httpx/plugins/circuit_breaker/circuit_store.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "mutex_m"
-
 module HTTPX::Plugins::CircuitBreaker
   using HTTPX::URIExtensions
 
@@ -15,17 +13,17 @@ module HTTPX::Plugins::CircuitBreaker
           options.circuit_breaker_half_open_drip_rate
         )
       end
-      @circuits.extend(Mutex_m)
+      @circuits_mutex = Thread::Mutex.new
     end
 
     def try_open(uri, response)
-      circuit = @circuits.synchronize { get_circuit_for_uri(uri) }
+      circuit = @circuits_mutex.synchronize { get_circuit_for_uri(uri) }
 
       circuit.try_open(response)
     end
 
     def try_close(uri)
-      circuit = @circuits.synchronize do
+      circuit = @circuits_mutex.synchronize do
         return unless @circuits.key?(uri.origin) || @circuits.key?(uri.to_s)
 
         get_circuit_for_uri(uri)
@@ -37,7 +35,7 @@ module HTTPX::Plugins::CircuitBreaker
     # if circuit is open, it'll respond with the stored response.
     # if not, nil.
     def try_respond(request)
-      circuit = @circuits.synchronize { get_circuit_for_uri(request.uri) }
+      circuit = @circuits_mutex.synchronize { get_circuit_for_uri(request.uri) }
 
       circuit.respond
     end

data/lib/httpx/plugins/expect.rb

@@ -99,8 +99,7 @@ module HTTPX
             response.close
             request.headers.delete("expect")
             request.transition(:idle)
-            connection = find_connection(request, connections, options)
-            connection.send(request)
+            send_request(request, connections, options)
             return
           end
 

data/lib/httpx/plugins/follow_redirects.rb

@@ -17,6 +17,8 @@ module HTTPX
       MAX_REDIRECTS = 3
       REDIRECT_STATUS = (300..399).freeze
 
+      using URIExtensions
+
       module OptionsMethods
         def option_max_redirects(value)
           num = Integer(value)
@@ -28,6 +30,10 @@ module HTTPX
         def option_follow_insecure_redirects(value)
           value
         end
+
+        def option_allow_auth_to_other_origins(value)
+          value
+        end
       end
 
       module InstanceMethods
@@ -61,25 +67,31 @@ module HTTPX
             redirect_uri = redirect_request.uri
             options = retry_options
           else
+            redirect_headers = redirect_request_headers(redirect_request.uri, redirect_uri, request.headers, options)
 
             # redirects are **ALWAYS** GET
-            retry_options = options.merge(headers: redirect_request.headers,
-                                          body: redirect_request.body,
-                                          max_redirects: max_redirects - 1)
+            retry_opts = Hash[options].merge(
+              headers: redirect_headers.to_h,
+              body: redirect_request.body,
+              max_redirects: max_redirects - 1
+            )
+            retry_options = options.class.new(retry_opts)
           end
 
-          retry_request = build_request("GET", redirect_uri, retry_options)
-
-          request.redirect_request = retry_request
+          redirect_uri = Utils.to_uri(redirect_uri)
 
           if !options.follow_insecure_redirects &&
              response.uri.scheme == "https" &&
-             retry_request.uri.scheme == "http"
-            error = InsecureRedirectError.new(retry_request.uri.to_s)
+             redirect_uri.scheme == "http"
+            error = InsecureRedirectError.new(redirect_uri.to_s)
             error.set_backtrace(caller)
             return ErrorResponse.new(request, error, options)
           end
 
+          retry_request = build_request("GET", redirect_uri, retry_options)
+
+          request.redirect_request = retry_request
+
           retry_after = response.headers["retry-after"]
 
           if retry_after
@@ -93,16 +105,27 @@ module HTTPX
 
             log { "redirecting after #{retry_after} secs..." }
             pool.after(retry_after) do
-              connection = find_connection(retry_request, connections, options)
-              connection.send(retry_request)
+              send_request(retry_request, connections, options)
             end
           else
-            connection = find_connection(retry_request, connections, options)
-            connection.send(retry_request)
+            send_request(retry_request, connections, options)
           end
           nil
         end
 
+        def redirect_request_headers(original_uri, redirect_uri, headers, options)
+          return headers if options.allow_auth_to_other_origins
+
+          return headers unless headers.key?("authorization")
+
+          unless original_uri.origin == redirect_uri.origin
+            headers = headers.dup
+            headers.delete("authorization")
+          end
+
+          headers
+        end
+
         def __get_location_from_response(response)
           location_uri = URI(response.headers["location"])
           location_uri = response.uri.merge(location_uri) if location_uri.relative?
@@ -111,14 +134,18 @@ module HTTPX
       end
 
       module RequestMethods
-        def self.included(klass)
-          klass.__send__(:attr_writer, :redirect_request)
-        end
+        attr_accessor :root_request
 
         def redirect_request
           @redirect_request || self
         end
 
+        def redirect_request=(req)
+          @redirect_request = req
+          req.root_request = @root_request || self
+          @response = nil
+        end
+
         def response
           return super unless @redirect_request
 

data/lib/httpx/plugins/proxy/http.rb

@@ -38,7 +38,7 @@ module HTTPX
                 request.transition(:idle)
                 request.headers["proxy-authorization"] =
                   connection.options.proxy.authenticate(request, response.headers["proxy-authenticate"])
-                connection.send(request)
+                send_request(request, connections)
                 return
               end
             end

data/lib/httpx/plugins/proxy.rb

@@ -166,9 +166,7 @@ module HTTPX
             @_proxy_uris.shift
             log { "failed connecting to proxy, trying next..." }
             request.transition(:idle)
-            connection = find_connection(request, connections, options)
-            connections << connection unless connections.include?(connection)
-            connection.send(request)
+            send_request(request, connections, options)
             return
           end
           response

data/lib/httpx/plugins/response_cache/store.rb

@@ -1,17 +1,15 @@
 # frozen_string_literal: true
 
-require "mutex_m"
-
 module HTTPX::Plugins
   module ResponseCache
     class Store
       def initialize
         @store = {}
-        @store.extend(Mutex_m)
+        @store_mutex = Thread::Mutex.new
       end
 
       def clear
-        @store.synchronize { @store.clear }
+        @store_mutex.synchronize { @store.clear }
       end
 
       def lookup(request)
@@ -66,7 +64,7 @@ module HTTPX::Plugins
       end
 
       def _get(request)
-        @store.synchronize do
+        @store_mutex.synchronize do
           responses = @store[request.response_cache_key]
 
           return unless responses
@@ -80,7 +78,7 @@ module HTTPX::Plugins
       end
 
       def _set(request, response)
-        @store.synchronize do
+        @store_mutex.synchronize do
           responses = (@store[request.response_cache_key] ||= [])
 
           responses.reject! do |res|

data/lib/httpx/plugins/retries.rb

@@ -113,12 +113,10 @@ module HTTPX
               log { "retrying after #{retry_after} secs..." }
               pool.after(retry_after) do
                 log { "retrying (elapsed time: #{Utils.elapsed_time(retry_start)})!!" }
-                connection = find_connection(request, connections, options)
-                connection.send(request)
+                send_request(request, connections, options)
               end
             else
-              connection = find_connection(request, connections, options)
-              connection.send(request)
+              send_request(request, connections, options)
             end
 
             return

data/lib/httpx/plugins/stream.rb

@@ -11,8 +11,6 @@ module HTTPX
     def each(&block)
       return enum_for(__method__) unless block
 
-      raise Error, "response already streamed" if @response
-
       @request.stream = self
 
       begin
@@ -119,7 +117,10 @@ module HTTPX
 
       module ResponseMethods
         def stream
-          @request.stream
+          request = @request.root_request if @request.respond_to?(:root_request)
+          request ||= @request
+
+          request.stream
         end
       end
 
@@ -132,7 +133,13 @@ module HTTPX
         def write(chunk)
           return super unless @stream
 
-          @stream.on_chunk(chunk.to_s.dup)
+          return 0 if chunk.empty?
+
+          chunk = decode_chunk(chunk)
+
+          @stream.on_chunk(chunk.dup)
+
+          chunk.size
         end
 
         private

data/lib/httpx/plugins/upgrade.rb

@@ -46,7 +46,6 @@ module HTTPX
 
             log { "upgrading to #{upgrade_protocol}..." }
             connection = find_connection(request, connections, options)
-            connections << connection unless connections.include?(connection)
 
             # do not upgrade already upgraded connections
             return if connection.upgrade_protocol == upgrade_protocol

data/lib/httpx/resolver/multi.rb

@@ -46,14 +46,15 @@ module HTTPX
       addresses = @resolver_options[:cache] && (connection.addresses || HTTPX::Resolver.nolookup_resolve(hostname))
       return unless addresses
 
-      addresses = addresses.group_by(&:family)
+      addresses.group_by(&:family).sort { |(f1, _), (f2, _)| f2 <=> f1 }.each do |family, addrs|
+        # try to match the resolver by family. However, there are cases where that's not possible, as when
+        # the system does not have IPv6 connectivity, but it does support IPv6 via loopback/link-local.
+        resolver = @resolvers.find { |r| r.family == family } || @resolvers.first
 
-      @resolvers.each do |resolver|
-        addrs = addresses[resolver.family]
+        next unless resolver # this should ever happen
 
-        next if !addrs || addrs.empty?
-
-        resolver.emit_addresses(connection, resolver.family, addrs, true)
+        # it does not matter which resolver it is, as early-resolve code is shared.
+        resolver.emit_addresses(connection, family, addrs, true)
       end
     end
 

data/lib/httpx/resolver.rb

@@ -13,10 +13,10 @@ module HTTPX
     require "httpx/resolver/https"
     require "httpx/resolver/multi"
 
-    @lookup_mutex = Mutex.new
+    @lookup_mutex = Thread::Mutex.new
     @lookups = Hash.new { |h, k| h[k] = [] }
 
-    @identifier_mutex = Mutex.new
+    @identifier_mutex = Thread::Mutex.new
     @identifier = 1
     @system_resolver = Resolv::Hosts.new
 

data/lib/httpx/response/body.rb

@@ -41,9 +41,9 @@ module HTTPX
     def write(chunk)
       return if @state == :closed
 
-      @inflaters.reverse_each do |inflater|
-        chunk = inflater.call(chunk)
-      end if @inflaters && !chunk.empty?
+      return 0 if chunk.empty?
+
+      chunk = decode_chunk(chunk)
 
       size = chunk.bytesize
       @length += size
@@ -187,6 +187,14 @@ module HTTPX
       end
     end
 
+    def decode_chunk(chunk)
+      @inflaters.reverse_each do |inflater|
+        chunk = inflater.call(chunk)
+      end if @inflaters
+
+      chunk
+    end
+
     def transition(nextstate)
       case nextstate
       when :open

data/lib/httpx/session.rb

@@ -151,6 +151,16 @@ module HTTPX
       connection
     end
 
+    def send_request(request, connections, options = request.options)
+      error = catch(:resolve_error) do
+        connection = find_connection(request, connections, options)
+        connection.send(request)
+      end
+      return unless error.is_a?(Error)
+
+      request.emit(:response, ErrorResponse.new(request, error, options))
+    end
+
     # sets the callbacks on the +connection+ required to process certain specific
     # connection lifecycle events which deal with request rerouting.
     def set_connection_callbacks(connection, connections, options)
@@ -281,13 +291,7 @@ module HTTPX
       connections = []
 
       requests.each do |request|
-        error = catch(:resolve_error) do
-          connection = find_connection(request, connections, request.options)
-          connection.send(request)
-        end
-        next unless error.is_a?(ResolveError)
-
-        request.emit(:response, ErrorResponse.new(request, error, request.options))
+        send_request(request, connections)
       end
 
       connections

data/lib/httpx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTPX
-  VERSION = "1.1.2"
+  VERSION = "1.1.3"
 end

data/lib/httpx.rb

@@ -20,7 +20,6 @@ require "httpx/response"
 require "httpx/options"
 require "httpx/chainable"
 
-require "mutex_m"
 # Top-Level Namespace
 #
 module HTTPX
@@ -31,16 +30,17 @@ module HTTPX
   #
   module Plugins
     @plugins = {}
-    @plugins.extend(Mutex_m)
+    @plugins_mutex = Thread::Mutex.new
 
     # Loads a plugin based on a name. If the plugin hasn't been loaded, tries to load
     # it from the load path under "httpx/plugins/" directory.
     #
     def self.load_plugin(name)
       h = @plugins
-      unless (plugin = h.synchronize { h[name] })
+      m = @plugins_mutex
+      unless (plugin = m.synchronize { h[name] })
         require "httpx/plugins/#{name}"
-        raise "Plugin #{name} hasn't been registered" unless (plugin = h.synchronize { h[name] })
+        raise "Plugin #{name} hasn't been registered" unless (plugin = m.synchronize { h[name] })
       end
       plugin
     end
@@ -49,7 +49,8 @@ module HTTPX
     #
     def self.register_plugin(name, mod)
       h = @plugins
-      h.synchronize { h[name] = mod }
+      m = @plugins_mutex
+      m.synchronize { h[name] = mod }
     end
   end
 

data/sig/plugins/circuit_breaker.rbs

@@ -3,7 +3,9 @@ module HTTPX
     module CircuitBreaker
 
       class CircuitStore
-        @circuits: Hash[String, Circuit] & Mutex_m
+        @circuits: Hash[String, Circuit]
+
+        @circuits_mutex: Thread::Mutex
 
         def try_open: (uri uri, response response) -> response?
 

data/sig/plugins/follow_redirects.rbs

@@ -10,6 +10,8 @@ module HTTPX
         def max_redirects: () -> Integer?
 
         def follow_insecure_redirects: () -> bool?
+
+        def allow_auth_to_other_origins: () -> bool?
       end
 
       def self.extra_options: (Options) -> (Options & _FollowRedirectsOptions)
@@ -17,12 +19,18 @@ module HTTPX
       module InstanceMethods
         def max_redirects: (_ToI) -> instance
 
+        def redirect_request_headers: (http_uri original_uri, http_uri redirect_uri, Headers headers, Options & _FollowRedirectsOptions options) -> Headers
+
         def __get_location_from_response: (Response) -> (URI::HTTP | URI::HTTPS)
       end
 
       module RequestMethods
-        def redirect_request: () -> Request
+        attr_accessor root_request: instance?
+
+        def redirect_request: () -> instance
+
         def redirect_request=: (Request) -> void
+
         def max_redirects: () -> Integer
       end
     end

data/sig/plugins/response_cache.rbs

@@ -9,7 +9,9 @@ module HTTPX
       def self?.cached_response?: (response response) -> bool
 
       class Store
-        @store: Hash[String, Array[Response]] & Mutex_m
+        @store: Hash[String, Array[Response]]
+
+        @store_mutex: Thread::Mutex
 
         def lookup: (Request request) -> Response?
 

data/sig/response/body.rbs

@@ -44,6 +44,8 @@ module HTTPX
 
     def self.initialize_inflater_by_encoding: (Encoding | String encoding, Response response, ?bytesize: Integer) -> Transcoder::GZIP::Inflater
 
+    def decode_chunk: (String chunk) -> String
+
     def transition: (Symbol nextstate) -> void
 
     def _with_same_buffer_pos: [A] () { () -> A } -> A

data/sig/session.rbs

@@ -17,10 +17,10 @@ module HTTPX
 
     def build_request: (verb, generic_uri, ?options) -> Request
 
-    private
+    def initialize: (?options) { (self) -> void } -> void
+                  | (?options) -> void
 
-    def initialize: (?options) { (self) -> void } -> untyped
-                  | (?options) -> untyped
+    private
 
     def pool: -> Pool
     def on_response: (Request, response) -> void
@@ -29,6 +29,8 @@ module HTTPX
 
     def find_connection: (Request request, Array[Connection] connections, Options options) -> Connection
 
+    def send_request: (Request request, Array[Connection] connections, ?Options options) -> void
+
     def set_connection_callbacks: (Connection connection, Array[Connection] connections, Options options) -> void
 
     def build_altsvc_connection: (Connection existing_connection, Array[Connection] connections, URI::Generic alt_origin, String origin, Hash[String, String] alt_params, Options options) -> Connection?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpx
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-14 00:00:00.000000000 Z
+date: 2023-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-2-next
@@ -134,6 +134,7 @@ extra_rdoc_files:
 - doc/release_notes/1_1_0.md
 - doc/release_notes/1_1_1.md
 - doc/release_notes/1_1_2.md
+- doc/release_notes/1_1_3.md
 files:
 - LICENSE.txt
 - README.md
@@ -239,6 +240,7 @@ files:
 - doc/release_notes/1_1_0.md
 - doc/release_notes/1_1_1.md
 - doc/release_notes/1_1_2.md
+- doc/release_notes/1_1_3.md
 - lib/httpx.rb
 - lib/httpx/adapters/datadog.rb
 - lib/httpx/adapters/faraday.rb