← 返回首页
Preserve leading slashes in request path_url by typhon8 · Pull Request #7315 · psf/requests · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
Resetting focus

Preserve leading slashes in request path_url#7315

Merged
nateprewitt merged 2 commits into
psf:mainfrom
typhon8:fix/s3-presigned-url-leading-slash
May 10, 2026
Merged

Preserve leading slashes in request path_url#7315
nateprewitt merged 2 commits into
psf:mainfrom
typhon8:fix/s3-presigned-url-leading-slash

Conversation

typhon8 commented Mar 31, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes issue #6711 where S3 presigned URLs with keys starting with '/' were incorrectly modified, breaking URL signatures.
URLs like https://bucket.s3.amazonaws.com//key_name now correctly preserve //key_name in the path.

Changes

  • Remove URL manipulation that collapsed leading slashes in request_url() method
  • Add test to verify leading slashes are preserved for S3-style URLs

Reproduction

import requests # S3 presigned URL with key starting with '/' url = "https://bucket.s3.amazonaws.com//key_with_leading_slash.txt" r = requests.get(url) # Previously broken, now works correctly Fixes #6711

Fixes issue where S3 presigned URLs with keys starting with '/' were incorrectly modified, breaking URL signatures. URLs like 'https://bucket.s3.amazonaws.com//key_name' now correctly preserve '//key_name' in the path_url. Closes psf#6711

Copy link
Copy Markdown
Member

Hi @typhon8, thanks for the PR. Unfortunately, this is breaking. We specifically changed the behavior to handle ambiguous paths failing in urllib3.

I've added urllib3/urllib3#4952 to urllib3 which should fix the behavior in their next release. At that point we can revisit removing this from Requests. We do not want to remove the test though, that is required to still function before we make any changes.

nateprewitt left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Low Quality Hide comment

I made the test tweak to go back to the old format. It demonstrates the same thing without adding s3 semantics into the test suite. Once the tests finish, we can merge this and it will go out with 2.34.0.

Hide details View details nateprewitt merged commit fd62809 into psf:main May 10, 2026
33 checks passed
nateprewitt mentioned this pull request May 11, 2026
luketainton pushed a commit to luketainton/repos_pypilot that referenced this pull request May 13, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [requests](https://github.com/psf/requests) ([changelog](https://github.com/psf/requests/blob/master/HISTORY.md)) | `==2.33.1` → `==2.34.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.34.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.33.1/2.34.0?slim=true) | --- ### Release Notes <details> <summary>psf/requests (requests)</summary> ### [`v2.34.0`](https://github.com/psf/requests/blob/HEAD/HISTORY.md#2340-2026-05-11) [Compare Source](psf/requests@v2.33.1...v2.34.0) **Announcements** - Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue. Special thanks to [@&#8203;bastimeyer](https://github.com/bastimeyer), [@&#8203;cthoyt](https://github.com/cthoyt), [@&#8203;edgarrmondragon](https://github.com/edgarrmondragon), and [@&#8203;srittau](https://github.com/srittau) for helping review and test the types ahead of the release. ([#&#8203;7272](psf/requests#7272)) **Improvements** - Digest Auth hashing algorithms have added `usedforsecurity=False` to clarify security considerations. ([#&#8203;7310](psf/requests#7310)) - Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. ([#&#8203;7422](psf/requests#7422)) - Requests added support for Python 3.14t. ([#&#8203;7419](psf/requests#7419)) **Bugfixes** - `Response.history` no longer contains a reference to itself, preventing accidental looping when traversing the history list. ([#&#8203;7328](psf/requests#7328)) - Requests no longer performs greedy matching on no\_proxy domains. The proxy\_bypass implementation has been updated with CPython's fix from bpo-39057. ([#&#8203;7427](psf/requests#7427)) - Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. ([#&#8203;7315](psf/requests#7315)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Reviewed-on: https://git.tainton.uk/repos/pypilot/pulls/443 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>
harupy added a commit to mlflow/mlflow that referenced this pull request May 19, 2026
requests 2.34.0 stopped stripping duplicate leading slashes in URI paths (psf/requests#7315). The Gateway/UvicornGateway test helpers built URLs as f"{self.url}/{path}", which produced "//api/..." when callers passed paths with a leading slash. The old behavior masked this; the new behavior leaves the double slash on the wire, and Starlette returns 404 Not Found. Strip the leading slash from path before joining. Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: harupy <17039389+harupy@users.noreply.github.com>
gmertes added a commit to ecmwf/anemoi-utils that referenced this pull request Jun 10, 2026
## Description requests 2.34 stopped stripping trailing slashes in URLs. Our mlflow auth constructs URLs as `f"{self.url}/{path}"`. If a user-provided URL contains a trailing slash, the constructed path will have a double slash and fail. requests<2.34 masked this behaviour. We should strip trailing slashes ourselves. psf/requests#7315 ## What issue or task does this change relate to? #293 ***As a contributor to the Anemoi framework, please ensure that your changes include unit tests, updates to any affected dependencies and documentation, and have been tested in a parallel setting (i.e., with multiple GPUs). As a reviewer, you are also responsible for verifying these aspects and requesting changes if they are not adequately addressed. For guidelines about those please refer to https://anemoi.readthedocs.io/en/latest/*** By opening this pull request, I affirm that all authors agree to the [Contributor License Agreement.](https://github.com/ecmwf/codex/blob/main/Legal/contributor_license_agreement.md)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Footer

© 2026 GitHub, Inc.