Features and Improvements
- Copy pip’s import machinery. When downstream redistributors remove
requests.packages.urllib3 the import machinery will continue to let those
same symbols work. Example usage in requests’ documentation and 3rd-party
libraries relying on the vendored copies of urllib3 will work without having
to fallback to the system urllib3.
- Attempt to quote parts of the URL on redirect if unquoting and then quoting
- Fix filename type check for multipart form-data uploads. (#2411)
- Properly handle the case where a server issuing digest authentication
challenges provides both auth and auth-int qop-values. (#2408)
- Fix a socket leak. (shazow/urllib3#549)
- Fix multiple Set-Cookie headers properly. (shazow/urllib3#534)
- Disable the built-in hostname verification. (shazow/urllib3#526)
- Fix the behaviour of decoding an exhausted stream. (shazow/urllib3#535)
- Pulled in an updated cacert.pem.
- Drop RC4 from the default cipher list. (shazow/urllib3#551)
- Only catch HTTPErrors in raise_for_status (#2382)
- Handle LocationParseError from urllib3 (#2344)
- Handle file-like object filenames that are not strings (#2379)
- Unbreak HTTPDigestAuth handler. Allow new nonces to be negotiated (#2389)
- Allow usage of urllib3’s Retry object with HTTPAdapters (#2216)
- The iter_lines method on a response now accepts a delimiter with which
to split the content (#2295)
- Add deprecation warnings to functions in requests.utils that will be removed
in 3.0 (#2309)
- Sessions used by the functional API are always closed (#2326)
- Restrict requests to HTTP/1.1 and HTTP/1.0 (stop accepting HTTP/0.9) (#2323)
- Only parse the URL once (#2353)
- Allow Content-Length header to always be overriden (#2332)
- Properly handle files in HTTPDigestAuth (#2333)
- Cap redirect_cache size to prevent memory abuse (#2299)
- Fix HTTPDigestAuth handling of redirects after authenticating successfully
- Fix crash with custom method parameter to Session.request (#2317)
- Fix how Link headers are parsed using the regular expression library (#2271)
- Add more references for interlinking (#2348)
- Update CSS for theme (#2290)
- Update width of buttons and sidebar (#2289)
- Replace references of Gittip with Gratipay (#2282)
- Add link to changelog in sidebar (#2273)
- Unicode URL improvements for Python 2.
- Re-order JSON param for backwards compat.
- Automatically defrag authentication schemes from host/pass URIs. (#2249)
- FINALLY! Add json parameter for uploads! (#2258)
- Support for bytestring URLs on Python 3.x (#2238)
- Avoid getting stuck in a loop (#2244)
- Multiple calls to iter* fail with unhelpful error. (#2240, #2241)
- Correct redirection introduction (#2245)
- Added example of how to send multiple files in one request. (#2227)
- Clarify how to pass a custom set of CAs (#2248)
- Now has a “security” package extras set, $ pip install requests[security]
- Requests will now use Certifi if it is available.
- Capture and re-raise urllib3 ProtocolError
- Bugfix for responses that attempt to redirect to themselves forever (wtf?).
- Connection: keep-alive header is now sent automatically.
- Support for connect timeouts! Timeout now accepts a tuple (connect, read) which is used to set individual connect and read timeouts.
- Allow copying of PreparedRequests without headers/cookies.
- Updated bundled urllib3 version.
- Refactored settings loading from environment – new Session.merge_environment_settings.
- Handle socket errors in iter_content.
- New Response property is_redirect, which is true when the
library could have processed this response as a redirection (whether
or not it actually did).
- The timeout parameter now affects requests with both stream=True and
- The change in v2.0.0 to mandate explicit proxy schemes has been reverted.
Proxy schemes now default to http://.
- The CaseInsensitiveDict used for HTTP headers now behaves like a normal
dictionary when references as string or viewed in the interpreter.
- No longer expose Authorization or Proxy-Authorization headers on redirect.
Fix CVE-2014-1829 and CVE-2014-1830 respectively.
- Authorization is re-evaluated each redirect.
- On redirect, pass url as native strings.
- Fall-back to autodetected encoding for JSON when Unicode detection fails.
- Headers set to None on the Session are now correctly not sent.
- Correctly honor decode_unicode even if it wasn’t used earlier in the same
- Stop advertising compress as a supported Content-Encoding.
- The Response.history parameter is now always a list.
- Many, many urllib3 bugfixes.
- Fixes incorrect parsing of proxy credentials that contain a literal or encoded ‘#’ character.
- Assorted urllib3 fixes.
- New exception: ContentDecodingError. Raised instead of urllib3
- Avoid many many exceptions from the buggy implementation of proxy_bypass on OS X in Python 2.6.
- Avoid crashing when attempting to get authentication credentials from ~/.netrc when running as a user without a home directory.
- Use the correct pool size for pools of connections to proxies.
- Fix iteration of CookieJar objects.
- Ensure that cookies are persisted over redirect.
- Switch back to using chardet, since it has merged with charade.
- Updated CA Bundle, of course.
- Cookies set on individual Requests through a Session (e.g. via Session.get()) are no longer persisted to the Session.
- Clean up connections when we hit problems during chunked upload, rather than leaking them.
- Return connections to the pool when a chunked upload is successful, rather than leaking it.
- Match the HTTPbis recommendation for HTTP 301 redirects.
- Prevent hanging when using streaming uploads and Digest Auth when a 401 is received.
- Values of headers set by Requests are now always the native string type.
- Fix previously broken SNI support.
- Fix accessing HTTP proxies using proxy authentication.
- Unencode HTTP Basic usernames and passwords extracted from URLs.
- Support for IP address ranges for no_proxy environment variable
- Parse headers correctly when users override the default Host: header.
- Avoid munging the URL in case of case-sensitive servers.
- Looser URL handling for non-HTTP/HTTPS urls.
- Accept unicode methods in Python 2.6 and 2.7.
- More resilient cookie handling.
- Make Response objects pickleable.
- Actually added MD5-sess to Digest Auth instead of pretending to like last time.
- Updated internal urllib3.
- Fixed @Lukasa’s lack of taste.
- Updated included CA Bundle with new mistrusts and automated process for the future
- Added MD5-sess to Digest Auth
- Accept per-file headers in multipart file POST messages.
- Fixed: Don’t send the full URL on CONNECT messages.
- Fixed: Correctly lowercase a redirect scheme.
- Fixed: Cookies not persisted when set via functional API.
- Fixed: Translate urllib3 ProxyError into a requests ProxyError derived from ConnectionError.
- Updated internal urllib3 and chardet.
- Keys in the Headers dictionary are now native strings on all Python versions,
i.e. bytestrings on Python 2, unicode on Python 3.
- Proxy URLs now must have an explicit scheme. A MissingSchema exception
will be raised if they don’t.
- Timeouts now apply to read time if Stream=False.
- RequestException is now a subclass of IOError, not RuntimeError.
- Added new method to PreparedRequest objects: PreparedRequest.copy().
- Added new method to Session objects: Session.update_request(). This
method updates a Request object with the data (e.g. cookies) stored on
- Added new method to Session objects: Session.prepare_request(). This
method updates and prepares a Request object, and returns the
corresponding PreparedRequest object.
- Added new method to HTTPAdapter objects: HTTPAdapter.proxy_headers().
This should not be called directly, but improves the subclass interface.
- httplib.IncompleteRead exceptions caused by incorrect chunked encoding
will now raise a Requests ChunkedEncodingError instead.
- Invalid percent-escape sequences now cause a Requests InvalidURL
exception to be raised.
- HTTP 208 no longer uses reason phrase "im_used". Correctly uses
- HTTP 226 reason added ("im_used").
- Vastly improved proxy support, including the CONNECT verb. Special thanks to
the many contributors who worked towards this improvement.
- Cookies are now properly managed when 401 authentication responses are
- Chunked encoding fixes.
- Support for mixed case schemes.
- Better handling of streaming downloads.
- Retrieve environment proxies from more locations.
- Minor cookies fixes.
- Improved redirect behaviour.
- Improved streaming behaviour, particularly for compressed data.
- Miscellaneous small Python 3 text encoding bugs.
- .netrc no longer overrides explicit auth.
- Cookies set by hooks are now correctly persisted on Sessions.
- Fix problem with cookies that specify port numbers in their host field.
- BytesIO can be used to perform streaming uploads.
- More generous parsing of the no_proxy environment variable.
- Non-string objects can be passed in data values alongside files.
- 301 and 302 redirects now change the verb to GET for all verbs, not just
POST, improving browser compatibility.
- Python 3.3.2 compatibility
- Always percent-encode location headers
- Fix connection adapter matching to be most-specific first
- new argument to the default connection adapter for passing a block argument
- prevent a KeyError when there’s no link headers
- Fixed cookies on sessions and on requests
- Significantly change how hooks are dispatched - hooks now receive all the
arguments specified by the user when making a request so hooks can make a
secondary request with the same parameters. This is especially necessary for
authentication handler authors
- certifi support was removed
- Fixed bug where using OAuth 1 with body signature_type sent no data
- Major proxy work thanks to @Lukasa including parsing of proxy authentication
from the proxy url
- Fix DigestAuth handling too many 401s
- Update vendored urllib3 to include SSL bug fixes
- Allow keyword arguments to be passed to json.loads() via the
- Don’t send Content-Length header by default on GET or HEAD
- Add elapsed attribute to Response objects to time how long a request
- Fix RequestsCookieJar
- Sessions and Adapters are now picklable, i.e., can be used with the
- Update charade to version 1.0.3
The change in how hooks are dispatched will likely cause a great deal of
- CHUNKED REQUESTS
- Support for iterable response bodies
- Assume servers persist redirect params
- Allow explicit content types to be specified for file data
- Make merge_kwargs case-insensitive when looking up keys
- Fix file upload encoding bug
- Fix cookie behavior
- Proxy fix for HTTPAdapter.
- Cert verification exception bug.
- Proxy fix for HTTPAdapter.
- Massive Refactor and Simplification
- Switch to Apache 2.0 license
- Swappable Connection Adapters
- Mountable Connection Adapters
- Mutable ProcessedRequest chain
- Removal of all configuration
- Standard library logging
- Make Response.json() callable, not property.
- Usage of new charade project, which provides python 2 and 3 simultaneous chardet.
- Removal of all hooks except ‘response’
- Removal of all authentication helpers (OAuth, Kerberos)
This is not a backwards compatible change.
- Improved mime-compatible JSON handling
- Proxy fixes
- Path hack fixes
- Case-Insensistive Content-Encoding headers
- Support for CJK parameters in form posts
- Python 3.3 Compatibility
- Simply default accept-encoding
- No more iter_content errors if already downloaded.
- Fix for OAuth + POSTs
- Remove exception eating from dispatch_hook
- General bugfixes
- Incredible Link header support :)
- Support for (key, value) lists everywhere.
- Digest Authentication improvements.
- Ensure proxy exclusions work properly.
- Clearer UnicodeError exceptions.
- Automatic casting of URLs to tsrings (fURL and such)
- Long awaited fix for hanging connections!
- GSSAPI/Kerberos authentication!
- App Engine 2.7 Fixes!
- Fix leaking connections (from urllib3 update)
- OAuthlib path hack fix
- OAuthlib URL parameters fix.
- Use simplejson if available.
- Do not hide SSLErrors behind Timeouts.
- Fixed param handling with urls containing fragments.
- Significantly improved information in User Agent.
- client certificates are ignored when verify=False
- Zero dependencies (once again)!
- New: Response.reason
- Sign querystring parameters in OAuth 1.0
- Client certificates no longer ignored when verify=False
- Add openSUSE certificate support
- Allow passing a file or file-like object as data.
- Allow hooks to return responses that indicate errors.
- Fix Response.text and Response.json for body-less responses.
- Removal of Requests.async in favor of grequests
- Allow disabling of cookie persistiance.
- New implimentation of safe_mode
- cookies.get now supports default argument
- Session cookies not saved when Session.request is called with return_response=False
- Env: no_proxy support.
- RequestsCookieJar improvements.
- Various bug fixes.
- New Response.json property.
- Ability to add string file uploads.
- Fix out-of-range issue with iter_lines.
- Fix iter_content default size.
- Fix POST redirects containing files.
- EXPERIMENTAL OAUTH SUPPORT!
- Proper CookieJar-backed cookies interface with awesome dict-like interface.
- Speed fix for non-iterated content chunks.
- Move pre_request to a more usable place.
- New pre_send hook.
- Lazily encode data, params, files.
- Load system Certificate Bundle if certify isn’t available.
- Cleanups, fixes.
- Attempt to use the OS’s certificate bundle if certifi isn’t available.
- Infinite digest auth redirect fix.
- Multi-part file upload improvements.
- Fix decoding of invalid %encodings in URLs.
- If there is no content in a response don’t throw an error the second time that content is attempted to be read.
- Upload data on redirects.
- POST redirects now break RFC to do what browsers do: Follow up with a GET.
- New strict_mode configuration to disable new redirect behavior.
- Private SSL Certificate support
- Remove select.poll from Gevent monkeypatching
- Remove redundant generator for chunked transfer encoding
- Fix: Response.ok raises Timeout Exception in safe_mode
- Generate chunked ValueError fix
- Proxy configuration by environment variables
- Simplification of iter_lines.
- New trust_env configuration for disabling system/environment hints.
- Suppress cookie errors.
- Response body with 0 content-length fix.
- New async.imap.
- Don’t fail on netrc.
- HEAD requests don’t follow redirects anymore.
- raise_for_status() doesn’t raise for 3xx anymore.
- Make Session objects picklable.
- ValueError for invalid schema URLs.
- Vastly improved URL quoting.
- Additional allowed cookie key values.
- Attempted fix for “Too many open files” Error
- Replace unicode errors on first pass, no need for second pass.
- Append ‘/’ to bare-domain urls before query insertion.
- Exceptions now inherit from RuntimeError.
- Binary uploads + auth fix.
- PYTHON 3 SUPPORT!
- Dropped 2.5 Support. (Backwards Incompatible)
- Response.content is now bytes-only. (Backwards Incompatible)
- New Response.text is unicode-only.
- If no Response.encoding is specified and chardet is available, Respoonse.text will guess an encoding.
- Default to ISO-8859-1 (Western) encoding for “text” subtypes.
- Removal of decode_unicode. (Backwards Incompatible)
- New multiple-hooks system.
- New Response.register_hook for registering hooks within the pipeline.
- Response.url is now Unicode.
- SSL verify=False bugfix (apparent on windows machines).
- Asynchronous async.send method.
- Support for proper chunk streams with boundaries.
- session argument for Session classes.
- Print entire hook tracebacks, not just exception instance.
- Fix response.iter_lines from pending next line.
- Fix but in HTTP-digest auth w/ URI having query strings.
- Fix in Event Hooks section.
- Urllib3 update.
- danger_mode for automatic Response.raise_for_status()
- Response.iter_lines refactor
- SSL CERT VERIFICATION!
- Release of Cerifi: Mozilla’s cert list.
- New ‘verify’ argument for SSL requests.
- Urllib3 update.
- iter_lines last-line truncation fix
- Force safe_mode for async requests
- Handle safe_mode exceptions more consistently
- Fix iteration on null responses in safe_mode
- Socket timeout fixes.
- Proxy Authorization support.
- Prefetch bugfix.
- Added license to installed version.
- Converted auth system to use simpler callable objects.
- New session parameter to API methods.
- Display full URL while logging.
- New Unicode decoding system, based on over-ridable Response.encoding.
- Proper URL slash-quote handling.
- Cookies with [, ], and _ allowed.
- URL Request path fix
- Proxy fix.
- Timeouts fix.
- Keep-alive support!
- Complete removal of Urllib2
- Complete removal of Poster
- Complete removal of CookieJars
- New ConnectionError raising
- Safe_mode for error catching
- prefetch parameter for request methods
- OPTION method
- Async pool size throttling
- File uploads send real names
- Vendored in urllib3
- Digest authentication bugfix (attach query data to path)
- Response.content = None if there was an invalid repsonse.
- Redirection auth handling.
- Move away from urllib2 authentication handling.
- Fully Remove AuthManager, AuthObject, &c.
- New tuple-based auth system with handler callbacks.
- Sessions are now the primary interface.
- Deprecated InvalidMethodException.
- PATCH fix.
- New config system (no more global settings).
- Session parameter bugfix (params merging).
- Offline (fast) test suite.
- Session dictionary argument merging.
- Automatic decoding of unicode, based on HTTP Headers.
- New decode_unicode setting.
- Removal of r.read/close methods.
- New r.faw interface for advanced response usage.*
- Automatic expansion of parameterized headers.
- Beautiful requests.async module, for making async requests w/ gevent.
- GET/HEAD obeys allow_redirects=False.
- Enhanced status codes experience \o/
- Set a maximum number of redirects (settings.max_redirects)
- Full Unicode URL support
- Support for protocol-less redirects.
- Allow for arbitrary request types.
- New callback hook system
- New persistient sessions object and context manager
- Transparent Dict-cookie handling
- Status code reference object
- Removed Response.cached
- Added Response.request
- All args are kwargs
- Relative redirect support
- HTTPError handling improvements
- Improved https testing
- International Domain Name Support!
- Access headers without fetching entire body (read())
- Use lists as dicts for parameters
- Add Forced Basic Authentication
- Forced Basic is default authentication type
- python-requests.org default User-Agent header
- CaseInsensitiveDict lower-case caching
- Response.history bugfix
- PATCH Support
- Support for Proxies
- HTTPBin Test Suite
- Redirect Fixes
- settings.verbose stream writing
- Querystrings for all methods
- URLErrors (Connection Refused, Timeout, Invalid URLs) are treated as explicity raised
- Improved Redirection Handling
- New ‘allow_redirects’ param for following non-GET/HEAD Redirects
- Settings module refactoring
- Response.history: list of redirected responses
- Case-Insensitive Header Dictionaries!
- Unicode URLs
- Urllib2 HTTPAuthentication Recursion fix (Basic/Digest)
- Internal Refactor
- Bytes data upload Bugfix
- Request timeouts
- Unicode url-encoded data
- Settings context manager and module
- Automatic Decompression of GZip Encoded Content
- AutoAuth Support for Tupled HTTP Auth
- Cookie Changes
- Poster fix
Automatic Authentication API Change
Smarter Query URL Parameterization
Allow file uploads and POST data together
- New Authentication Manager System
- Simpler Basic HTTP System
- Supports all build-in urllib2 Auths
- Allows for custom Auth Handlers
- Python 2.5 Support
- PyPy-c v1.4 Support
- Auto-Authentication tests
- Improved Request object constructor
- New HTTPHandling Methods
- Response.__nonzero__ (false if bad HTTP Status)
- Response.ok (True if expected HTTP Status)
- Response.error (Logged HTTPError if bad HTTP Status)
- Response.raise_for_status() (Raises stored HTTPError)
- Still handles request in the event of an HTTPError. (Issue #2)
- Eventlet and Gevent Monkeypatch support.
- Cookie Support (Issue #1)
- Added file attribute to POST and PUT requests for multipart-encode file uploads.
- Added Request.url attribute for context and redirects