Rather than pass the user name and password via the
url, supply them directly to the http request. This should guarantee that the authorization header is
generated correctly.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This closes a securitiy vulernability where the client could
be used to download and save a file from any configured
location.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This wrapper is an object that may be used to build requests
procedurally rather than submit all request parameters in
a call to "request()", "get()", etc. This is primarily useful for
usage in a Jinja2 context.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This method will not work correctly if any individual part contains
a special character. For example, if an item in the path contains
a "#", the regex will return an incorrect result. Likewise, if any item
in a query string contains an "&" the query string will be correctly
escaped.
All urls supplied to the http client must be escaped by the consumer.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
While the curl based client is better in most respects, it requires
that libcurl be against with an asynchronous DNS resolver, such
as c-ares, in order to prevent blocking. As of now it Debian does
not ship with a version of curl with ares enabled. Fall back to the
simple client until this can be resolved.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This abstracts the tornado http client from the rest of Moonraker,
allowing all components to access the client's most used functionality
without importing tornado modules.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
