[yt-dlp.git] / yt_dlp / networking / _requests.py

import contextlib
import functools
import http.client
import logging
import re
import socket
import warnings

from ..dependencies import brotli, requests, urllib3
from ..utils import bug_reports_message, int_or_none, variadic

if requests is None:
    raise ImportError('requests module is not installed')

if urllib3 is None:
    raise ImportError('urllib3 module is not installed')

urllib3_version = tuple(int_or_none(x, default=0) for x in urllib3.__version__.split('.'))

if urllib3_version < (1, 26, 17):
    raise ImportError('Only urllib3 >= 1.26.17 is supported')

if requests.__build__ < 0x023100:
    raise ImportError('Only requests >= 2.31.0 is supported')

import requests.adapters
import requests.utils
import urllib3.connection
import urllib3.exceptions

from ._helper import (
    InstanceStoreMixin,
    add_accept_encoding_header,
    create_connection,
    create_socks_proxy_socket,
    get_redirect_method,
    make_socks_proxy_opts,
    select_proxy,
)
from .common import (
    Features,
    RequestHandler,
    Response,
    register_preference,
    register_rh,
)
from .exceptions import (
    CertificateVerifyError,
    HTTPError,
    IncompleteRead,
    ProxyError,
    RequestError,
    SSLError,
    TransportError,
)
from ..socks import ProxyError as SocksProxyError

SUPPORTED_ENCODINGS = [
    'gzip', 'deflate'
]

if brotli is not None:
    SUPPORTED_ENCODINGS.append('br')

"""
Override urllib3's behavior to not convert lower-case percent-encoded characters
to upper-case during url normalization process.

RFC3986 defines that the lower or upper case percent-encoded hexidecimal characters are equivalent
and normalizers should convert them to uppercase for consistency [1].

However, some sites may have an incorrect implementation where they provide
a percent-encoded url that is then compared case-sensitively.[2]

While this is a very rare case, since urllib does not do this normalization step, it
is best to avoid it in requests too for compatability reasons.

1: https://tools.ietf.org/html/rfc3986#section-2.1
2: https://github.com/streamlink/streamlink/pull/4003
"""


class Urllib3PercentREOverride:
    def __init__(self, r: re.Pattern):
        self.re = r

    # pass through all other attribute calls to the original re
    def __getattr__(self, item):
        return self.re.__getattribute__(item)

    def subn(self, repl, string, *args, **kwargs):
        return string, self.re.subn(repl, string, *args, **kwargs)[1]


# urllib3 >= 1.25.8 uses subn:
# https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0
import urllib3.util.url  # noqa: E305

if hasattr(urllib3.util.url, 'PERCENT_RE'):
    urllib3.util.url.PERCENT_RE = Urllib3PercentREOverride(urllib3.util.url.PERCENT_RE)
elif hasattr(urllib3.util.url, '_PERCENT_RE'):  # urllib3 >= 2.0.0
    urllib3.util.url._PERCENT_RE = Urllib3PercentREOverride(urllib3.util.url._PERCENT_RE)
else:
    warnings.warn('Failed to patch PERCENT_RE in urllib3 (does the attribute exist?)' + bug_reports_message())

"""
Workaround for issue in urllib.util.ssl_.py: ssl_wrap_context does not pass
server_hostname to SSLContext.wrap_socket if server_hostname is an IP,
however this is an issue because we set check_hostname to True in our SSLContext.

Monkey-patching IS_SECURETRANSPORT forces ssl_wrap_context to pass server_hostname regardless.

This has been fixed in urllib3 2.0+.
See: https://github.com/urllib3/urllib3/issues/517
"""

if urllib3_version < (2, 0, 0):
    with contextlib.suppress():
        urllib3.util.IS_SECURETRANSPORT = urllib3.util.ssl_.IS_SECURETRANSPORT = True


# Requests will not automatically handle no_proxy by default
# due to buggy no_proxy handling with proxy dict [1].
# 1. https://github.com/psf/requests/issues/5000
requests.adapters.select_proxy = select_proxy


class RequestsResponseAdapter(Response):
    def __init__(self, res: requests.models.Response):
        super().__init__(
            fp=res.raw, headers=res.headers, url=res.url,
            status=res.status_code, reason=res.reason)

        self._requests_response = res

    def read(self, amt: int = None):
        try:
            # Interact with urllib3 response directly.
            return self.fp.read(amt, decode_content=True)

        # See urllib3.response.HTTPResponse.read() for exceptions raised on read
        except urllib3.exceptions.SSLError as e:
            raise SSLError(cause=e) from e

        except urllib3.exceptions.ProtocolError as e:
            # IncompleteRead is always contained within ProtocolError
            # See urllib3.response.HTTPResponse._error_catcher()
            ir_err = next(
                (err for err in (e.__context__, e.__cause__, *variadic(e.args))
                 if isinstance(err, http.client.IncompleteRead)), None)
            if ir_err is not None:
                # `urllib3.exceptions.IncompleteRead` is subclass of `http.client.IncompleteRead`
                # but uses an `int` for its `partial` property.
                partial = ir_err.partial if isinstance(ir_err.partial, int) else len(ir_err.partial)
                raise IncompleteRead(partial=partial, expected=ir_err.expected) from e
            raise TransportError(cause=e) from e

        except urllib3.exceptions.HTTPError as e:
            # catch-all for any other urllib3 response exceptions
            raise TransportError(cause=e) from e


class RequestsHTTPAdapter(requests.adapters.HTTPAdapter):
    def __init__(self, ssl_context=None, proxy_ssl_context=None, source_address=None, **kwargs):
        self._pm_args = {}
        if ssl_context:
            self._pm_args['ssl_context'] = ssl_context
        if source_address:
            self._pm_args['source_address'] = (source_address, 0)
        self._proxy_ssl_context = proxy_ssl_context or ssl_context
        super().__init__(**kwargs)

    def init_poolmanager(self, *args, **kwargs):
        return super().init_poolmanager(*args, **kwargs, **self._pm_args)

    def proxy_manager_for(self, proxy, **proxy_kwargs):
        extra_kwargs = {}
        if not proxy.lower().startswith('socks') and self._proxy_ssl_context:
            extra_kwargs['proxy_ssl_context'] = self._proxy_ssl_context
        return super().proxy_manager_for(proxy, **proxy_kwargs, **self._pm_args, **extra_kwargs)

    def cert_verify(*args, **kwargs):
        # lean on SSLContext for cert verification
        pass


class RequestsSession(requests.sessions.Session):
    """
    Ensure unified redirect method handling with our urllib redirect handler.
    """
    def rebuild_method(self, prepared_request, response):
        new_method = get_redirect_method(prepared_request.method, response.status_code)

        # HACK: requests removes headers/body on redirect unless code was a 307/308.
        if new_method == prepared_request.method:
            response._real_status_code = response.status_code
            response.status_code = 308

        prepared_request.method = new_method

    def rebuild_auth(self, prepared_request, response):
        # HACK: undo status code change from rebuild_method, if applicable.
        # rebuild_auth runs after requests would remove headers/body based on status code
        if hasattr(response, '_real_status_code'):
            response.status_code = response._real_status_code
            del response._real_status_code
        return super().rebuild_auth(prepared_request, response)


class Urllib3LoggingFilter(logging.Filter):

    def filter(self, record):
        # Ignore HTTP request messages since HTTPConnection prints those
        if record.msg == '%s://%s:%s "%s %s %s" %s %s':
            return False
        return True


class Urllib3LoggingHandler(logging.Handler):
    """Redirect urllib3 logs to our logger"""
    def __init__(self, logger, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self._logger = logger

    def emit(self, record):
        try:
            msg = self.format(record)
            if record.levelno >= logging.ERROR:
                self._logger.error(msg)
            else:
                self._logger.stdout(msg)

        except Exception:
            self.handleError(record)


@register_rh
class RequestsRH(RequestHandler, InstanceStoreMixin):

    """Requests RequestHandler
    https://github.com/psf/requests
    """
    _SUPPORTED_URL_SCHEMES = ('http', 'https')
    _SUPPORTED_ENCODINGS = tuple(SUPPORTED_ENCODINGS)
    _SUPPORTED_PROXY_SCHEMES = ('http', 'https', 'socks4', 'socks4a', 'socks5', 'socks5h')
    _SUPPORTED_FEATURES = (Features.NO_PROXY, Features.ALL_PROXY)
    RH_NAME = 'requests'

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)

        # Forward urllib3 debug messages to our logger
        logger = logging.getLogger('urllib3')
        handler = Urllib3LoggingHandler(logger=self._logger)
        handler.setFormatter(logging.Formatter('requests: %(message)s'))
        handler.addFilter(Urllib3LoggingFilter())
        logger.addHandler(handler)
        # TODO: Use a logger filter to suppress pool reuse warning instead
        logger.setLevel(logging.ERROR)

        if self.verbose:
            # Setting this globally is not ideal, but is easier than hacking with urllib3.
            # It could technically be problematic for scripts embedding yt-dlp.
            # However, it is unlikely debug traffic is used in that context in a way this will cause problems.
            urllib3.connection.HTTPConnection.debuglevel = 1
            logger.setLevel(logging.DEBUG)
        # this is expected if we are using --no-check-certificate
        urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    def close(self):
        self._clear_instances()

    def _check_extensions(self, extensions):
        super()._check_extensions(extensions)
        extensions.pop('cookiejar', None)
        extensions.pop('timeout', None)

    def _create_instance(self, cookiejar):
        session = RequestsSession()
        http_adapter = RequestsHTTPAdapter(
            ssl_context=self._make_sslcontext(),
            source_address=self.source_address,
            max_retries=urllib3.util.retry.Retry(False),
        )
        session.adapters.clear()
        session.headers = requests.models.CaseInsensitiveDict({'Connection': 'keep-alive'})
        session.mount('https://', http_adapter)
        session.mount('http://', http_adapter)
        session.cookies = cookiejar
        session.trust_env = False  # no need, we already load proxies from env
        return session

    def _send(self, request):

        headers = self._merge_headers(request.headers)
        add_accept_encoding_header(headers, SUPPORTED_ENCODINGS)

        max_redirects_exceeded = False

        session = self._get_instance(
            cookiejar=request.extensions.get('cookiejar') or self.cookiejar)

        try:
            requests_res = session.request(
                method=request.method,
                url=request.url,
                data=request.data,
                headers=headers,
                timeout=float(request.extensions.get('timeout') or self.timeout),
                proxies=request.proxies or self.proxies,
                allow_redirects=True,
                stream=True
            )

        except requests.exceptions.TooManyRedirects as e:
            max_redirects_exceeded = True
            requests_res = e.response

        except requests.exceptions.SSLError as e:
            if 'CERTIFICATE_VERIFY_FAILED' in str(e):
                raise CertificateVerifyError(cause=e) from e
            raise SSLError(cause=e) from e

        except requests.exceptions.ProxyError as e:
            raise ProxyError(cause=e) from e

        except (requests.exceptions.ConnectionError, requests.exceptions.Timeout) as e:
            raise TransportError(cause=e) from e

        except urllib3.exceptions.HTTPError as e:
            # Catch any urllib3 exceptions that may leak through
            raise TransportError(cause=e) from e

        except requests.exceptions.RequestException as e:
            # Miscellaneous Requests exceptions. May not necessary be network related e.g. InvalidURL
            raise RequestError(cause=e) from e

        res = RequestsResponseAdapter(requests_res)

        if not 200 <= res.status < 300:
            raise HTTPError(res, redirect_loop=max_redirects_exceeded)

        return res


@register_preference(RequestsRH)
def requests_preference(rh, request):
    return 100


# Use our socks proxy implementation with requests to avoid an extra dependency.
class SocksHTTPConnection(urllib3.connection.HTTPConnection):
    def __init__(self, _socks_options, *args, **kwargs):  # must use _socks_options to pass PoolKey checks
        self._proxy_args = _socks_options
        super().__init__(*args, **kwargs)

    def _new_conn(self):
        try:
            return create_connection(
                address=(self._proxy_args['addr'], self._proxy_args['port']),
                timeout=self.timeout,
                source_address=self.source_address,
                _create_socket_func=functools.partial(
                    create_socks_proxy_socket, (self.host, self.port), self._proxy_args))
        except (socket.timeout, TimeoutError) as e:
            raise urllib3.exceptions.ConnectTimeoutError(
                self, f'Connection to {self.host} timed out. (connect timeout={self.timeout})') from e
        except SocksProxyError as e:
            raise urllib3.exceptions.ProxyError(str(e), e) from e
        except (OSError, socket.error) as e:
            raise urllib3.exceptions.NewConnectionError(
                self, f'Failed to establish a new connection: {e}') from e


class SocksHTTPSConnection(SocksHTTPConnection, urllib3.connection.HTTPSConnection):
    pass


class SocksHTTPConnectionPool(urllib3.HTTPConnectionPool):
    ConnectionCls = SocksHTTPConnection


class SocksHTTPSConnectionPool(urllib3.HTTPSConnectionPool):
    ConnectionCls = SocksHTTPSConnection


class SocksProxyManager(urllib3.PoolManager):

    def __init__(self, socks_proxy, username=None, password=None, num_pools=10, headers=None, **connection_pool_kw):
        connection_pool_kw['_socks_options'] = make_socks_proxy_opts(socks_proxy)
        super().__init__(num_pools, headers, **connection_pool_kw)
        self.pool_classes_by_scheme = {
            'http': SocksHTTPConnectionPool,
            'https': SocksHTTPSConnectionPool
        }


requests.adapters.SOCKSProxyManager = SocksProxyManager
Commit	Line	Data
8a8b5452	1	import contextlib
	2	import functools
	3	import http.client
	4	import logging
	5	import re
	6	import socket
	7	import warnings
	8
	9	from ..dependencies import brotli, requests, urllib3
	10	from ..utils import bug_reports_message, int_or_none, variadic
	11
	12	if requests is None:
	13	raise ImportError('requests module is not installed')
	14
	15	if urllib3 is None:
	16	raise ImportError('urllib3 module is not installed')
	17
	18	urllib3_version = tuple(int_or_none(x, default=0) for x in urllib3.__version__.split('.'))
	19
	20	if urllib3_version < (1, 26, 17):
	21	raise ImportError('Only urllib3 >= 1.26.17 is supported')
	22
	23	if requests.__build__ < 0x023100:
	24	raise ImportError('Only requests >= 2.31.0 is supported')
	25
	26	import requests.adapters
	27	import requests.utils
	28	import urllib3.connection
	29	import urllib3.exceptions
	30
	31	from ._helper import (
	32	InstanceStoreMixin,
	33	add_accept_encoding_header,
	34	create_connection,
	35	create_socks_proxy_socket,
	36	get_redirect_method,
	37	make_socks_proxy_opts,
	38	select_proxy,
	39	)
	40	from .common import (
	41	Features,
	42	RequestHandler,
	43	Response,
	44	register_preference,
	45	register_rh,
	46	)
	47	from .exceptions import (
	48	CertificateVerifyError,
	49	HTTPError,
	50	IncompleteRead,
	51	ProxyError,
	52	RequestError,
	53	SSLError,
	54	TransportError,
	55	)
	56	from ..socks import ProxyError as SocksProxyError
	57
	58	SUPPORTED_ENCODINGS = [
	59	'gzip', 'deflate'
	60	]
	61
	62	if brotli is not None:
	63	SUPPORTED_ENCODINGS.append('br')
	64
65	"""
66	Override urllib3's behavior to not convert lower-case percent-encoded characters
67	to upper-case during url normalization process.
68
69	RFC3986 defines that the lower or upper case percent-encoded hexidecimal characters are equivalent
70	and normalizers should convert them to uppercase for consistency [1].
71
72	However, some sites may have an incorrect implementation where they provide
73	a percent-encoded url that is then compared case-sensitively.[2]
74
75	While this is a very rare case, since urllib does not do this normalization step, it
76	is best to avoid it in requests too for compatability reasons.
77
78	1: https://tools.ietf.org/html/rfc3986#section-2.1
79	2: https://github.com/streamlink/streamlink/pull/4003
80	"""
81
82
83	class Urllib3PercentREOverride:
84	def __init__(self, r: re.Pattern):
85	self.re = r
86
87	# pass through all other attribute calls to the original re
88	def __getattr__(self, item):
89	return self.re.__getattribute__(item)
90
91	def subn(self, repl, string, args, *kwargs):
92	return string, self.re.subn(repl, string, args, *kwargs)[1]
93
94
95	# urllib3 >= 1.25.8 uses subn:
96	# https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0
97	import urllib3.util.url # noqa: E305
98
99	if hasattr(urllib3.util.url, 'PERCENT_RE'):
100	urllib3.util.url.PERCENT_RE = Urllib3PercentREOverride(urllib3.util.url.PERCENT_RE)
101	elif hasattr(urllib3.util.url, '_PERCENT_RE'): # urllib3 >= 2.0.0
102	urllib3.util.url._PERCENT_RE = Urllib3PercentREOverride(urllib3.util.url._PERCENT_RE)
103	else:
104	warnings.warn('Failed to patch PERCENT_RE in urllib3 (does the attribute exist?)' + bug_reports_message())
105
106	"""
107	Workaround for issue in urllib.util.ssl_.py: ssl_wrap_context does not pass
108	server_hostname to SSLContext.wrap_socket if server_hostname is an IP,
109	however this is an issue because we set check_hostname to True in our SSLContext.
110
111	Monkey-patching IS_SECURETRANSPORT forces ssl_wrap_context to pass server_hostname regardless.
112
113	This has been fixed in urllib3 2.0+.
114	See: https://github.com/urllib3/urllib3/issues/517
115	"""
116
117	if urllib3_version < (2, 0, 0):
118	with contextlib.suppress():
119	urllib3.util.IS_SECURETRANSPORT = urllib3.util.ssl_.IS_SECURETRANSPORT = True
120
121
122	# Requests will not automatically handle no_proxy by default
123	# due to buggy no_proxy handling with proxy dict [1].
124	# 1. https://github.com/psf/requests/issues/5000
125	requests.adapters.select_proxy = select_proxy
126
127
128	class RequestsResponseAdapter(Response):
129	def __init__(self, res: requests.models.Response):
130	super().__init__(
131	fp=res.raw, headers=res.headers, url=res.url,
132	status=res.status_code, reason=res.reason)
133
134	self._requests_response = res
135
136	def read(self, amt: int = None):
137	try:
138	# Interact with urllib3 response directly.
139	return self.fp.read(amt, decode_content=True)
140
141	# See urllib3.response.HTTPResponse.read() for exceptions raised on read
142	except urllib3.exceptions.SSLError as e:
143	raise SSLError(cause=e) from e
144
8a8b5452	145	except urllib3.exceptions.ProtocolError as e:
4e38e2ae	146	# IncompleteRead is always contained within ProtocolError
8a8b5452	147	# See urllib3.response.HTTPResponse._error_catcher()
	148	ir_err = next(
	149	(err for err in (e.__context__, e.__cause__, *variadic(e.args))
	150	if isinstance(err, http.client.IncompleteRead)), None)
	151	if ir_err is not None:
4e38e2ae SS	152	# `urllib3.exceptions.IncompleteRead` is subclass of `http.client.IncompleteRead`
	153	# but uses an `int` for its `partial` property.
	154	partial = ir_err.partial if isinstance(ir_err.partial, int) else len(ir_err.partial)
	155	raise IncompleteRead(partial=partial, expected=ir_err.expected) from e
8a8b5452	156	raise TransportError(cause=e) from e
	157
	158	except urllib3.exceptions.HTTPError as e:
	159	# catch-all for any other urllib3 response exceptions
	160	raise TransportError(cause=e) from e
	161
	162
	163	class RequestsHTTPAdapter(requests.adapters.HTTPAdapter):
	164	def __init__(self, ssl_context=None, proxy_ssl_context=None, source_address=None, **kwargs):
	165	self._pm_args = {}
	166	if ssl_context:
	167	self._pm_args['ssl_context'] = ssl_context
	168	if source_address:
	169	self._pm_args['source_address'] = (source_address, 0)
	170	self._proxy_ssl_context = proxy_ssl_context or ssl_context
	171	super().__init__(**kwargs)
	172
	173	def init_poolmanager(self, args, *kwargs):
	174	return super().init_poolmanager(args, kwargs, *self._pm_args)
	175
	176	def proxy_manager_for(self, proxy, **proxy_kwargs):
	177	extra_kwargs = {}
	178	if not proxy.lower().startswith('socks') and self._proxy_ssl_context:
	179	extra_kwargs['proxy_ssl_context'] = self._proxy_ssl_context
	180	return super().proxy_manager_for(proxy, proxy_kwargs, self._pm_args, **extra_kwargs)
	181
	182	def cert_verify(args, *kwargs):
	183	# lean on SSLContext for cert verification
	184	pass
	185
	186
	187	class RequestsSession(requests.sessions.Session):
	188	"""
	189	Ensure unified redirect method handling with our urllib redirect handler.
	190	"""
	191	def rebuild_method(self, prepared_request, response):
	192	new_method = get_redirect_method(prepared_request.method, response.status_code)
	193
	194	# HACK: requests removes headers/body on redirect unless code was a 307/308.
	195	if new_method == prepared_request.method:
	196	response._real_status_code = response.status_code
	197	response.status_code = 308
	198
	199	prepared_request.method = new_method
	200
	201	def rebuild_auth(self, prepared_request, response):
	202	# HACK: undo status code change from rebuild_method, if applicable.
	203	# rebuild_auth runs after requests would remove headers/body based on status code
	204	if hasattr(response, '_real_status_code'):
	205	response.status_code = response._real_status_code
	206	del response._real_status_code
	207	return super().rebuild_auth(prepared_request, response)
	208
	209
	210	class Urllib3LoggingFilter(logging.Filter):
	211
	212	def filter(self, record):
	213	# Ignore HTTP request messages since HTTPConnection prints those
	214	if record.msg == '%s://%s:%s "%s %s %s" %s %s':
	215	return False
	216	return True
	217
	218
	219	class Urllib3LoggingHandler(logging.Handler):
220	"""Redirect urllib3 logs to our logger"""
221	def __init__(self, logger, args, *kwargs):
222	super().__init__(args, *kwargs)
223	self._logger = logger
224
225	def emit(self, record):
226	try:
227	msg = self.format(record)
228	if record.levelno >= logging.ERROR:
229	self._logger.error(msg)
230	else:
231	self._logger.stdout(msg)
232
233	except Exception:
234	self.handleError(record)
235
236
237	@register_rh
238	class RequestsRH(RequestHandler, InstanceStoreMixin):
239
240	"""Requests RequestHandler
241	https://github.com/psf/requests
242	"""
243	_SUPPORTED_URL_SCHEMES = ('http', 'https')
244	_SUPPORTED_ENCODINGS = tuple(SUPPORTED_ENCODINGS)
245	_SUPPORTED_PROXY_SCHEMES = ('http', 'https', 'socks4', 'socks4a', 'socks5', 'socks5h')
246	_SUPPORTED_FEATURES = (Features.NO_PROXY, Features.ALL_PROXY)
247	RH_NAME = 'requests'
248
249	def __init__(self, args, *kwargs):
250	super().__init__(args, *kwargs)
251
252	# Forward urllib3 debug messages to our logger
253	logger = logging.getLogger('urllib3')
254	handler = Urllib3LoggingHandler(logger=self._logger)
255	handler.setFormatter(logging.Formatter('requests: %(message)s'))
256	handler.addFilter(Urllib3LoggingFilter())
257	logger.addHandler(handler)
b012271d SS	258	# TODO: Use a logger filter to suppress pool reuse warning instead
b012271d SS	259	logger.setLevel(logging.ERROR)
8a8b5452	260
	261	if self.verbose:
	262	# Setting this globally is not ideal, but is easier than hacking with urllib3.
	263	# It could technically be problematic for scripts embedding yt-dlp.
	264	# However, it is unlikely debug traffic is used in that context in a way this will cause problems.
	265	urllib3.connection.HTTPConnection.debuglevel = 1
	266	logger.setLevel(logging.DEBUG)
	267	# this is expected if we are using --no-check-certificate
	268	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
	269
	270	def close(self):
	271	self._clear_instances()
	272
	273	def _check_extensions(self, extensions):
	274	super()._check_extensions(extensions)
	275	extensions.pop('cookiejar', None)
	276	extensions.pop('timeout', None)
	277
	278	def _create_instance(self, cookiejar):
	279	session = RequestsSession()
	280	http_adapter = RequestsHTTPAdapter(
	281	ssl_context=self._make_sslcontext(),
	282	source_address=self.source_address,
	283	max_retries=urllib3.util.retry.Retry(False),
	284	)
	285	session.adapters.clear()
	286	session.headers = requests.models.CaseInsensitiveDict({'Connection': 'keep-alive'})
	287	session.mount('https://', http_adapter)
	288	session.mount('http://', http_adapter)
	289	session.cookies = cookiejar
	290	session.trust_env = False # no need, we already load proxies from env
	291	return session
	292
	293	def _send(self, request):
	294
	295	headers = self._merge_headers(request.headers)
	296	add_accept_encoding_header(headers, SUPPORTED_ENCODINGS)
	297
	298	max_redirects_exceeded = False
	299
	300	session = self._get_instance(
	301	cookiejar=request.extensions.get('cookiejar') or self.cookiejar)
	302
	303	try:
	304	requests_res = session.request(
	305	method=request.method,
	306	url=request.url,
	307	data=request.data,
	308	headers=headers,
	309	timeout=float(request.extensions.get('timeout') or self.timeout),
	310	proxies=request.proxies or self.proxies,
	311	allow_redirects=True,
	312	stream=True
	313	)
	314
	315	except requests.exceptions.TooManyRedirects as e:
	316	max_redirects_exceeded = True
	317	requests_res = e.response
	318
	319	except requests.exceptions.SSLError as e:
	320	if 'CERTIFICATE_VERIFY_FAILED' in str(e):
	321	raise CertificateVerifyError(cause=e) from e
	322	raise SSLError(cause=e) from e
	323
324	except requests.exceptions.ProxyError as e:
325	raise ProxyError(cause=e) from e
326
327	except (requests.exceptions.ConnectionError, requests.exceptions.Timeout) as e:
328	raise TransportError(cause=e) from e
329
330	except urllib3.exceptions.HTTPError as e:
331	# Catch any urllib3 exceptions that may leak through
332	raise TransportError(cause=e) from e
333
334	except requests.exceptions.RequestException as e:
335	# Miscellaneous Requests exceptions. May not necessary be network related e.g. InvalidURL
336	raise RequestError(cause=e) from e
337
338	res = RequestsResponseAdapter(requests_res)
339
340	if not 200 <= res.status < 300:
341	raise HTTPError(res, redirect_loop=max_redirects_exceeded)
342
343	return res
344
345
346	@register_preference(RequestsRH)
347	def requests_preference(rh, request):
348	return 100
349
350
351	# Use our socks proxy implementation with requests to avoid an extra dependency.
352	class SocksHTTPConnection(urllib3.connection.HTTPConnection):
353	def __init__(self, _socks_options, args, *kwargs): # must use _socks_options to pass PoolKey checks
354	self._proxy_args = _socks_options
355	super().__init__(args, *kwargs)
356
357	def _new_conn(self):
358	try:
359	return create_connection(
360	address=(self._proxy_args['addr'], self._proxy_args['port']),
361	timeout=self.timeout,
362	source_address=self.source_address,
363	_create_socket_func=functools.partial(
364	create_socks_proxy_socket, (self.host, self.port), self._proxy_args))
365	except (socket.timeout, TimeoutError) as e:
366	raise urllib3.exceptions.ConnectTimeoutError(
367	self, f'Connection to {self.host} timed out. (connect timeout={self.timeout})') from e
368	except SocksProxyError as e:
369	raise urllib3.exceptions.ProxyError(str(e), e) from e
370	except (OSError, socket.error) as e:
371	raise urllib3.exceptions.NewConnectionError(
372	self, f'Failed to establish a new connection: {e}') from e
373
374
375	class SocksHTTPSConnection(SocksHTTPConnection, urllib3.connection.HTTPSConnection):
376	pass
377
378
379	class SocksHTTPConnectionPool(urllib3.HTTPConnectionPool):
380	ConnectionCls = SocksHTTPConnection
381
382
383	class SocksHTTPSConnectionPool(urllib3.HTTPSConnectionPool):
384	ConnectionCls = SocksHTTPSConnection
385
386
387	class SocksProxyManager(urllib3.PoolManager):
388
389	def __init__(self, socks_proxy, username=None, password=None, num_pools=10, headers=None, **connection_pool_kw):
390	connection_pool_kw['_socks_options'] = make_socks_proxy_opts(socks_proxy)
391	super().__init__(num_pools, headers, **connection_pool_kw)
392	self.pool_classes_by_scheme = {
393	'http': SocksHTTPConnectionPool,
394	'https': SocksHTTPSConnectionPool
395	}
396
397
398	requests.adapters.SOCKSProxyManager = SocksProxyManager