bugfix: user-agent python-requests#8394
Conversation
Replaced user agent to avoid bot protection on private repositories
dimbleby
left a comment
dimbleby
left a comment
There was a problem hiding this comment.
this all seems a bit silly to me: a repository that doesn't allow downloads from the requests user agent is broken and should be fixed (or reconfigured)
however it also seems harmless enough I suppose
src/poetry/utils/authenticator.py
Outdated
| self, method: str, url: str, raise_for_status: bool = True, **kwargs: Any | ||
| ) -> requests.Response: | ||
| headers = kwargs.get("headers") | ||
| headers = kwargs.get("headers", {}) or {} |
There was a problem hiding this comment.
or {} isn't doing anything useful
cf
poetry/src/poetry/publishing/uploader.py
Line 82 in 02448cf
create_session().
There was a problem hiding this comment.
I think or {} covers the potential of there being a headers key in the dict with a None value.
I will apply the UA to the session itself. Thank you for the suggestion.
I do agree, it took me a while to figure out that the 403 I was receiving wasn't from bad credentials or authorization but from the user agent. It seems like our repository is proxied through a nginx configuration that blocks some "bot like" user agents, as to "protect" from vulnerability scans or other bot activity. A quick |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
3 participants
Replaced user agent to avoid bot protection on private repositories.
For lock and install commands, the requests library was used, resulting in HTTP requests with 'python-requests' User-agent being sent.
It is possible that HTTP Servers (such as OPNSens in my case) have 'bot protection' to automatically block "bot-like" user agents.
This quick fix comes as a counter measure for the following problem.
Pull Request Check List
Resolves: No tracked issue