From 6d386684ad69f42cb57c72fe0e0ffcec82ec7e12 Mon Sep 17 00:00:00 2001 From: CHINMAY <89741289+Das-Chinmay@users.noreply.github.com> Date: Wed, 8 Jul 2026 20:40:18 -0700 Subject: [PATCH 1/2] =?UTF-8?q?gh-47005:=20fix=20do=5Fopen()=20to=20let=20?= =?UTF-8?q?regular=20headers=20override=20unredirected=20=E2=80=A6=20(#146?= =?UTF-8?q?506)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gh-47005: fix do_open() to let regular headers override unredirected headers AbstractHTTPHandler.do_open() was building the request header dict by starting with unredirected_hdrs and only inserting regular headers that were not already present, giving unredirected headers priority. This contradicts get_header() and header_items(), both of which give regular headers the higher priority. Fix by unconditionally updating with req.headers so that a header set via add_header() always overrides one set via add_unredirected_header(). --------- Co-authored-by: Senthil Kumaran --- Lib/test/test_urllib2.py | 29 +++++++++++++++++++ Lib/urllib/request.py | 3 +- ...6-03-26-00-00-00.gh-issue-47005.xxc89c.rst | 4 +++ 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2026-03-26-00-00-00.gh-issue-47005.xxc89c.rst diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py index 3a77b9e5ab79289..d2fd111f6d9de02 100644 --- a/Lib/test/test_urllib2.py +++ b/Lib/test/test_urllib2.py @@ -980,6 +980,35 @@ def test_http(self): self.assertEqual(req.unredirected_hdrs["Host"], "baz") self.assertEqual(req.unredirected_hdrs["Spam"], "foo") + def test_http_header_priority(self): + # gh-47005: regular headers set via add_header() must override + # unredirected headers with the same name in do_open(), consistent + # with get_header() and header_items(). + cases = [ + ("Content-Type", "application/json", "application/x-www-form-urlencoded"), + ("Content-Length", "99", "0"), + ("Host", "override.example.com", "internal.example.com"), + ("Authorization", "Bearer user-token", "Basic stale="), + ("Cookie", "a=1", "b=2"), + ("User-Agent", "MyApp/1.0", "Python-urllib/test"), + ] + h = urllib.request.AbstractHTTPHandler() + h.parent = MockOpener() + + for key, regular, unredirected in cases: + req = Request("http://example.com/", headers={key: regular}) + req.timeout = None + req.add_unredirected_header(key, unredirected) + + http = MockHTTPClass() + h.do_open(http, req) + + sent_headers = dict(http.req_headers) + self.assertEqual(sent_headers[key], regular) + # key is capitalized by add_header() and add_unredirected_header() calls + self.assertEqual(req.get_header(key.capitalize()), regular) + self.assertEqual(dict(req.header_items())[key.capitalize()], regular) + def test_http_body_file(self): # A regular file - chunked encoding is used unless Content Length is # already set. diff --git a/Lib/urllib/request.py b/Lib/urllib/request.py index f5f17f223a45853..660301fef612588 100644 --- a/Lib/urllib/request.py +++ b/Lib/urllib/request.py @@ -1293,8 +1293,7 @@ def do_open(self, http_class, req, **http_conn_args): h.set_debuglevel(self._debuglevel) headers = dict(req.unredirected_hdrs) - headers.update({k: v for k, v in req.headers.items() - if k not in headers}) + headers.update(req.headers) # TODO(jhylton): Should this be redesigned to handle # persistent connections? diff --git a/Misc/NEWS.d/next/Library/2026-03-26-00-00-00.gh-issue-47005.xxc89c.rst b/Misc/NEWS.d/next/Library/2026-03-26-00-00-00.gh-issue-47005.xxc89c.rst new file mode 100644 index 000000000000000..646367f0fa069d3 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2026-03-26-00-00-00.gh-issue-47005.xxc89c.rst @@ -0,0 +1,4 @@ +Fix :meth:`!urllib.request.AbstractHTTPHandler.do_open` to give regular +headers set via :meth:`~urllib.request.Request.add_header` priority over +unredirected headers, consistent with :meth:`~urllib.request.Request.get_header` +and :meth:`~urllib.request.Request.header_items`. From bc9bb7386597e22693662f489a7474998788e228 Mon Sep 17 00:00:00 2001 From: Kanishk Pachauri Date: Thu, 9 Jul 2026 10:41:36 +0530 Subject: [PATCH 2/2] gh-130578: clarify urllib.parse.quote parameter defaults behavior (#130598) Co-authored-by: Serhiy Storchaka --- Doc/library/urllib.parse.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Doc/library/urllib.parse.rst b/Doc/library/urllib.parse.rst index 3ce20311c42c849..26e159306c81070 100644 --- a/Doc/library/urllib.parse.rst +++ b/Doc/library/urllib.parse.rst @@ -649,8 +649,9 @@ task isn't already covered by the URL parsing functions above. The optional *encoding* and *errors* parameters specify how to deal with non-ASCII characters, as accepted by the :meth:`str.encode` method. - *encoding* defaults to ``'utf-8'``. - *errors* defaults to ``'strict'``, meaning unsupported characters raise a + Although these parameters default to ``None`` in the function signature, + when processing :class:`str` inputs, *encoding* effectively defaults to ``'utf-8'`` + and *errors* to ``'strict'``, meaning unsupported characters raise a :class:`UnicodeEncodeError`. *encoding* and *errors* must not be supplied if *string* is a :class:`bytes`, or a :class:`TypeError` is raised.