[issue11662] Redirect vulnerability in urllib/urllib2

Senthil Kumaran report at bugs.python.org
Fri Mar 25 03:42:07 CET 2011

Senthil Kumaran <orsenthil at gmail.com> added the comment:

On Thu, Mar 24, 2011 at 05:32:42PM +0000, Guido van Rossum wrote:
> I still don't think we should raise URLError on the bad redirect; we
> should treat it the same as a missing URI/Location header, and it
> will raise HTTPError.

Agreed. Updated the hg repository by raising HTTPError instead of

Thing to note - HTTPError does not change anything from the
redirection. It would still give the code as 302 with an additional
message saying that Redirection to 'newurl' is not allowed.


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list