From 3299771e3497199adda6ad6354f78742806cd320 Mon Sep 17 00:00:00 2001
From: Ian Cordasco <graffatcolmingov@gmail.com>
Date: Thu, 7 Feb 2013 21:08:20 -0500
Subject: [PATCH] Fix the potential issue mentioned in #1151

See: https://github.com/kennethreitz/requests/pull/1151#issuecomment-12905796

This is solved by just reusing the PreparedRequest from the last request.
---
 requests/sessions.py | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/requests/sessions.py b/requests/sessions.py
index 9dff255..8c1152c 100644
--- a/requests/sessions.py
+++ b/requests/sessions.py
@@ -74,9 +74,8 @@ def merge_kwargs(local_kwarg, default_kwarg):
 
 
 class SessionRedirectMixin(object):
-
-    def resolve_redirects(self, resp, req, stream=False, timeout=None,
-                          verify=True, cert=None, proxies=None):
+    def resolve_redirects(self, resp, prepared_request, stream=False,
+                          timeout=None, verify=True, cert=None, proxies=None):
         """Receives a Response. Returns a generator of Responses."""
 
         i = 0
@@ -93,7 +92,7 @@ class SessionRedirectMixin(object):
             resp.close()
 
             url = resp.headers['location']
-            method = req.method
+            method = prepared_request.method
 
             # Handle redirection without scheme (see: RFC 1808 Section 4)
             if url.startswith('//'):
@@ -106,34 +105,35 @@ class SessionRedirectMixin(object):
                 # Compliant with RFC3986, we percent encode the url.
                 url = urljoin(resp.url, requote_uri(url))
 
+            prepared_request.url = url
+
             # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4
-            if resp.status_code == codes.see_other and req.method != 'HEAD':
+            if (resp.status_code == codes.see_other and
+                    prepared_request.method != 'HEAD'):
                 method = 'GET'
 
             # Do what the browsers do, despite standards...
-            if resp.status_code in (codes.moved, codes.found) and req.method == 'POST':
+            if (resp.status_code in (codes.moved, codes.found) and
+                    prepared_request.method == 'POST'):
                 method = 'GET'
 
+            prepared_request.method = method
+
             # Remove the cookie headers that were sent.
-            headers = req.headers
+            headers = prepared_request.headers
             try:
                 del headers['Cookie']
             except KeyError:
                 pass
 
-            resp = self.request(
-                url=url,
-                method=method,
-                headers=headers,
-                auth=req.auth,
-                cookies=req.cookies,
-                allow_redirects=False,
+            resp = self.send(
+                prepared_request,
                 stream=stream,
                 timeout=timeout,
                 verify=verify,
                 cert=cert,
                 proxies=proxies,
-                hooks=req.hooks,
+                allow_redirects=False,
             )
 
             i += 1
@@ -392,8 +392,9 @@ class Session(SessionRedirectMixin):
         r.elapsed = datetime.utcnow() - start
 
         # Redirect resolving generator.
-        gen = self.resolve_redirects(r, req, stream=stream, timeout=timeout,
-                                     verify=verify, cert=cert, proxies=proxies)
+        gen = self.resolve_redirects(r, request, stream=stream,
+                                     timeout=timeout, verify=verify, cert=cert,
+                                     proxies=proxies)
 
         # Resolve redirects if allowed.
         history = [resp for resp in gen] if allow_redirects else []
-- 
2.7.4