110 |
109 |
111 sanitized_headers = self._SanitizeHttpHeaders(_UNTRUSTED_REQUEST_HEADERS, |
110 sanitized_headers = self._SanitizeHttpHeaders(_UNTRUSTED_REQUEST_HEADERS, |
112 request.header_list()) |
111 request.header_list()) |
113 request.clear_header() |
112 request.clear_header() |
114 request.header_list().extend(sanitized_headers) |
113 request.header_list().extend(sanitized_headers) |
|
114 deadline = _API_CALL_DEADLINE |
|
115 if request.has_deadline(): |
|
116 deadline = request.deadline() |
115 |
117 |
116 self._RetrieveURL(request.url(), payload, method, |
118 self._RetrieveURL(request.url(), payload, method, |
117 request.header_list(), response, |
119 request.header_list(), response, |
118 follow_redirects=request.followredirects()) |
120 follow_redirects=request.followredirects(), |
|
121 deadline=deadline) |
119 |
122 |
120 def _RetrieveURL(self, url, payload, method, headers, response, |
123 def _RetrieveURL(self, url, payload, method, headers, response, |
121 follow_redirects=True): |
124 follow_redirects=True, deadline=_API_CALL_DEADLINE): |
122 """Retrieves a URL. |
125 """Retrieves a URL. |
123 |
126 |
124 Args: |
127 Args: |
125 url: String containing the URL to access. |
128 url: String containing the URL to access. |
126 payload: Request payload to send, if any; None if no payload. |
129 payload: Request payload to send, if any; None if no payload. |
127 method: HTTP method to use (e.g., 'GET') |
130 method: HTTP method to use (e.g., 'GET') |
128 headers: List of additional header objects to use for the request. |
131 headers: List of additional header objects to use for the request. |
129 response: Response object |
132 response: Response object |
130 follow_redirects: optional setting (defaulting to True) for whether or not |
133 follow_redirects: optional setting (defaulting to True) for whether or not |
131 we should transparently follow redirects (up to MAX_REDIRECTS) |
134 we should transparently follow redirects (up to MAX_REDIRECTS) |
|
135 deadline: Number of seconds to wait for the urlfetch to finish. |
132 |
136 |
133 Raises: |
137 Raises: |
134 Raises an apiproxy_errors.ApplicationError exception with FETCH_ERROR |
138 Raises an apiproxy_errors.ApplicationError exception with FETCH_ERROR |
135 in cases where: |
139 in cases where: |
136 - MAX_REDIRECTS is exceeded |
140 - MAX_REDIRECTS is exceeded |
193 else: |
197 else: |
194 full_path = path |
198 full_path = path |
195 |
199 |
196 orig_timeout = socket.getdefaulttimeout() |
200 orig_timeout = socket.getdefaulttimeout() |
197 try: |
201 try: |
198 socket.setdefaulttimeout(_API_CALL_DEADLINE) |
202 socket.setdefaulttimeout(deadline) |
199 connection.request(method, full_path, payload, adjusted_headers) |
203 connection.request(method, full_path, payload, adjusted_headers) |
200 http_response = connection.getresponse() |
204 http_response = connection.getresponse() |
201 http_response_data = http_response.read() |
205 http_response_data = http_response.read() |
202 finally: |
206 finally: |
203 socket.setdefaulttimeout(orig_timeout) |
207 socket.setdefaulttimeout(orig_timeout) |
236 |
240 |
237 Args: |
241 Args: |
238 untrusted_headers: set of untrusted headers names |
242 untrusted_headers: set of untrusted headers names |
239 headers: list of string pairs, first is header name and the second is header's value |
243 headers: list of string pairs, first is header name and the second is header's value |
240 """ |
244 """ |
|
245 prohibited_headers = [h.key() for h in headers |
|
246 if h.key().lower() in untrusted_headers] |
|
247 if prohibited_headers: |
|
248 logging.warn("Stripped prohibited headers from URLFetch request: %s", |
|
249 prohibited_headers) |
241 return (h for h in headers if h.key().lower() not in untrusted_headers) |
250 return (h for h in headers if h.key().lower() not in untrusted_headers) |