Asynchronous HTTP client/server framework for asyncio and Python
Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer
Thanks to :user:kenballus
for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
.. _llhttp: https://llhttp.org
(#7647)
Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer
Thanks to :user:kenballus
for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
(#7663)
Added fallback_charset_resolver
parameter in ClientSession
to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>
_.
(#7561)
Enabled lenient response parsing for more flexible parsing in the client
(this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer
(#7490)
Fixed PermissionError
when .netrc
is unreadable due to permissions.
(#7237)
Fixed output of parsing errors pointing to a \n
. -- by :user:Dreamsorcerer
(#7468)
Fixed GunicornWebWorker
max_requests_jitter not working.
(#7518)
Fixed sorting in filter_cookies
to use cookie with longest path. -- by :user:marq24
.
(#7577)
Fixed display of BadStatusLine
messages from llhttp_. -- by :user:Dreamsorcerer
(#7651)
Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz
and :user:Dreamsorcerer
.
Thanks to :user:sethmlarson
for reporting this and providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.
.. _llhttp: https://llhttp.org
(#7346)
Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer
(#7366)
Fixed a transport is :data:None
error -- by :user:Dreamsorcerer
.
(#3355)
.. attention::
This is the last :doc:aiohttp <index>
release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.
Increased the upper boundary of the :doc:multidict:index
dependency
to allow for the version 6 -- by :user:hugovk
.
It used to be limited below version 7 in :doc:aiohttp <index>
v3.8.1 but
was lowered in v3.8.2 via :pr:6550
and never brought back, causing
problems with dependency pins when upgrading. :doc:aiohttp <index>
v3.8.3
fixes that by recovering the original boundary of < 7
.
(#6950)
.. note::
This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.
.. caution::
This release has been yanked from PyPI. Modern pip will not pick it
up automatically. The reason is that is has multidict < 6
set in
the distribution package metadata (see :pr:6950
). Please, use
aiohttp ~= 3.8.3, != 3.8.1
instead, if you can.
Added support for registering :rfc:OPTIONS <9110#OPTIONS>
HTTP method handlers via :py:class:~aiohttp.web.RouteTableDef
.
(#4663)
Started supporting :rfc:authority-form <9112#authority-form>
and
:rfc:absolute-form <9112#absolute-form>
URLs on the server-side.
(#6227)
Fixed Python 3.11 incompatibilities by using Cython 0.29.25. (#6396)
Extended the sock
argument typing declaration of the
:py:func:~aiohttp.web.run_app
function as optionally
accepting iterables.
(#6401)
Fixed a regression where :py:exc:~asyncio.CancelledError
occurs on client disconnection.
(#6719)
Started exporting :py:class:~aiohttp.web.PrefixedSubAppResource
under :py:mod:aiohttp.web
-- by :user:Dreamsorcerer
.
This fixes a regression introduced by :pr:3469
.
(#6889)
Dropped the :class:object
type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)
sock
argument typing declaration of the
:py:func:~aiohttp.web.run_app
function as optionally
accepting iterables.
(#6401)object
type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)aiohttp <index>
only works
under Python 3.6 and higher from now on.
(#4046)pytest.warns(None) <pytest.warns>
in tests.
(#6663).. note::
This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.
.. attention::
This is the last :doc:aiohttp <index>
release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.
Added support for registering :rfc:OPTIONS <9110#OPTIONS>
HTTP method handlers via :py:class:~aiohttp.web.RouteTableDef
.
(#4663)
Started supporting :rfc:authority-form <9112#authority-form>
and
:rfc:absolute-form <9112#absolute-form>
URLs on the server-side.
(#6227)
Fixed Python 3.11 incompatibilities by using Cython 0.29.25. (#6396)
Extended the sock
argument typing declaration of the
:py:func:~aiohttp.web.run_app
function as optionally
accepting iterables.
(#6401)
Fixed a regression where :py:exc:~asyncio.CancelledError
occurs on client disconnection.
(#6719)
Started exporting :py:class:~aiohttp.web.PrefixedSubAppResource
under :py:mod:aiohttp.web
-- by :user:Dreamsorcerer
.
This fixes a regression introduced by :pr:3469
.
(#6889)
Dropped the :class:object
type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)
sock
argument typing declaration of the
:py:func:~aiohttp.web.run_app
function as optionally
accepting iterables.
(#6401)object
type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)aiohttp <index>
only works
under Python 3.6 and higher from now on.
(#4046)pytest.warns(None) <pytest.warns>
in tests.
(#6663)getaddrinfo
.
getaddrinfo
will return an (int, bytes)
tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6
option but his system enable the ipv6.
(#5901)Signal
from __all__
, replace aiohttp.Signal
with aiosignal.Signal
in docs
(#6201)Dreamsorcerer
.
(#6278)Added a GunicornWebWorker
feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner
object.
(#2988)_
Switch from http-parser
to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil
in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler
.
(#4686)_
AioHTTPTestCase
is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase
class,
without using the decorator @unittest_run_loop
, just async def test_*
.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase
.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear
.
Add AbstractCookieJar.clear_domain
to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1")
to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app()
.
This adds better compatibility with asyncio.run()
or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient
for static typing of pytest plugin.
(#5585)_
Added a socket_factory
argument to BaseTestServer
.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi
.
(#5927)_
Switched chardet
to charset-normalizer
for guessing the HTTP payload body encoding -- :user:Ousret
.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio
supports it -- by :user:bmbouter
,
:user:jborean93
and :user:webknjaz
.
(#5992)_
Added base_url
parameter to the initializer of :class:~aiohttp.ClientSession
.
(#6013)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk
.
(#6079)_
Started shipping platform-specific wheels with the musl
tag targeting typical Alpine Linux runtimes — :user:asvetlov
.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov
.
(#6139)_
await resp.write(...)
or ws.send_json(...)
calls without race-condition.
(#2934)
MultiLoopChildWatcher
when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy
environment variables.
(#4431)_routes.static('/foo', '/foo')
no longer matches the URL /foobar
. Previously, this would attempt to load the file /foo/ar
.
(#5250)_and
WSRequestContextManager``
(#5329)
ClientResponse
object on calls to the ok
property for the failed requests.
(#5403)_params
keyword argument in tracing URL
.
(#5432)_tempfile.Temporaryfile
-created
_io.BufferedRandom
instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz
.
(#5494)_tests/autobahn/server.py
with call to web.run_app
; replace deprecated aiohttp.ws_connect
calls in tests/autobahn/client.py
with aiohttp.ClienSession.ws_connect
.
(#5606)_HTTPUnauthorized
that access the text
argument. This is not used in any part of the code, so it's removed now.
(#5657)_params
keyword argument to ClientSession.ws_connect
. -- :user:hoh
.
(#5868)_~asyncio.ThreadedChildWatcher
under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo
.
getaddrinfo
will return an (int, bytes)
tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6
option but his system enable the ipv6.
(#5901)_loop
argument from the asyncio.sleep
/gather
calls
(#5905)_None
from request.if_modified_since
, request.if_unmodified_since
, request.if_range
and response.last_modified
when corresponding http date headers are invalid.
(#5925)_SIGCHLD
signals in Gunicorn aiohttp Worker to fix subprocesses
that capture output having an incorrect returncode
.
(#6130)_400: Content-Length can't be present with Transfer-Encoding
if both Content-Length
and Transfer-Encoding
are sent by peer by both C and Python implementations
(#6182)_aio-openapi
(#5326)_Authorization
header is removed
on redirects to a different host or protocol.
(#5850)_chardet
runtime dependency
to allow their v4.0 version stream.
(#5366)_Added a GunicornWebWorker
feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner
object.
(#2988)_
Switch from http-parser
to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil
in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler
.
(#4686)_
AioHTTPTestCase
is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase
class,
without using the decorator @unittest_run_loop
, just async def test_*
.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase
.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear
.
Add AbstractCookieJar.clear_domain
to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1")
to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app()
.
This adds better compatibility with asyncio.run()
or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient
for static typing of pytest plugin.
(#5585)_
Added a socket_factory
argument to BaseTestServer
.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi
.
(#5927)_
Switched chardet
to charset-normalizer
for guessing the HTTP payload body encoding -- :user:Ousret
.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio
supports it -- by :user:bmbouter
,
:user:jborean93
and :user:webknjaz
.
(#5992)_
Added base_url
parameter to the initializer of :class:~aiohttp.ClientSession
.
(#6013)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk
.
(#6079)_
Started shipping platform-specific wheels with the musl
tag targeting typical Alpine Linux runtimes — :user:asvetlov
.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov
.
(#6139)_
await resp.write(...)
or ws.send_json(...)
calls without race-condition.
(#2934)
MultiLoopChildWatcher
when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy
environment variables.
(#4431)_routes.static('/foo', '/foo')
no longer matches the URL /foobar
. Previously, this would attempt to load the file /foo/ar
.
(#5250)_and
WSRequestContextManager``
(#5329)
ClientResponse
object on calls to the ok
property for the failed requests.
(#5403)_params
keyword argument in tracing URL
.
(#5432)_tempfile.Temporaryfile
-created
_io.BufferedRandom
instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz
.
(#5494)_tests/autobahn/server.py
with call to web.run_app
; replace deprecated aiohttp.ws_connect
calls in tests/autobahn/client.py
with aiohttp.ClienSession.ws_connect
.
(#5606)_HTTPUnauthorized
that access the text
argument. This is not used in any part of the code, so it's removed now.
(#5657)_params
keyword argument to ClientSession.ws_connect
. -- :user:hoh
.
(#5868)_~asyncio.ThreadedChildWatcher
under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo
.
getaddrinfo
will return an (int, bytes)
tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6
option but his system enable the ipv6.
(#5901)_loop
argument from the asyncio.sleep
/gather
calls
(#5905)_None
from request.if_modified_since
, request.if_unmodified_since
, request.if_range
and response.last_modified
when corresponding http date headers are invalid.
(#5925)_SIGCHLD
signals in Gunicorn aiohttp Worker to fix subprocesses
that capture output having an incorrect returncode
.
(#6130)_400: Content-Length can't be present with Transfer-Encoding
if both Content-Length
and Transfer-Encoding
are sent by peer by both C and Python implementations
(#6182)_aio-openapi
(#5326)_Authorization
header is removed
on redirects to a different host or protocol.
(#5850)_chardet
runtime dependency
to allow their v4.0 version stream.
(#5366)_Added a GunicornWebWorker
feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner
object.
(#2988)_
Switch from http-parser
to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil
in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler
.
(#4686)_
AioHTTPTestCase
is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase
class,
without using the decorator @unittest_run_loop
, just async def test_*
.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase
.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear
.
Add AbstractCookieJar.clear_domain
to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1")
to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app()
.
This adds better compatibility with asyncio.run()
or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient
for static typing of pytest plugin.
(#5585)_
Added a socket_factory
argument to BaseTestServer
.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi
.
(#5927)_
Switched chardet
to charset-normalizer
for guessing the HTTP payload body encoding -- :user:Ousret
.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio
supports it -- by :user:bmbouter
,
:user:jborean93
and :user:webknjaz
.
(#5992)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk
.
(#6079)_
Started shipping platform-specific wheels with the musl
tag targeting typical Alpine Linux runtimes — :user:asvetlov
.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov
.
(#6139)_
await resp.write(...)
or ws.send_json(...)
calls without race-condition.
(#2934)
MultiLoopChildWatcher
when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy
environment variables.
(#4431)_and
WSRequestContextManager``
(#5329)
ClientResponse
object on calls to the ok
property for the failed requests.
(#5403)_params
keyword argument in tracing URL
.
(#5432)_tempfile.Temporaryfile
-created
_io.BufferedRandom
instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz
.
(#5494)_tests/autobahn/server.py
with call to web.run_app
; replace deprecated aiohttp.ws_connect
calls in tests/autobahn/client.py
with aiohttp.ClienSession.ws_connect
.
(#5606)_HTTPUnauthorized
that access the text
argument. This is not used in any part of the code, so it's removed now.
(#5657)_params
keyword argument to ClientSession.ws_connect
. -- :user:hoh
.
(#5868)_~asyncio.ThreadedChildWatcher
under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo
.
getaddrinfo
will return an (int, bytes)
tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6
option but his system enable the ipv6.
(#5901)_loop
argument from the asyncio.sleep
/gather
calls
(#5905)_None
from request.if_modified_since
, request.if_unmodified_since
, request.if_range
and response.last_modified
when corresponding http date headers are invalid.
(#5925)_SIGCHLD
signals in Gunicorn aiohttp Worker to fix subprocesses
that capture output having an incorrect returncode
.
(#6130)_aio-openapi
(#5326)_Authorization
header is removed
on redirects to a different host or protocol.
(#5850)_chardet
runtime dependency
to allow their v4.0 version stream.
(#5366)_#3803 <https://github.com/aio-libs/aiohttp/issues/3803>
_#4077 <https://github.com/aio-libs/aiohttp/issues/4077>
_#3532 <https://github.com/aio-libs/aiohttp/issues/3532>
_web_middlewares.normalize_path_middleware
behavior for patch without slash.
#3669 <https://github.com/aio-libs/aiohttp/issues/3669>
_#3701 <https://github.com/aio-libs/aiohttp/issues/3701>
_BaseConnector.close()
a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
#3736 <https://github.com/aio-libs/aiohttp/issues/3736>
_sock_read
timeout each time data is received for a aiohttp.client
response.
#3808 <https://github.com/aio-libs/aiohttp/issues/3808>
_#3880 <https://github.com/aio-libs/aiohttp/issues/3880>
_#5156 <https://github.com/aio-libs/aiohttp/issues/5156>
_#5163 <https://github.com/aio-libs/aiohttp/issues/5163>
_#5230 <https://github.com/aio-libs/aiohttp/issues/5230>
_aiohttp.web.FileResponse
.
#3958 <https://github.com/aio-libs/aiohttp/issues/3958>
_#3964 <https://github.com/aio-libs/aiohttp/issues/3964>
_aiohttp.client.request
.
#4603 <https://github.com/aio-libs/aiohttp/issues/4603>
_#5228 <https://github.com/aio-libs/aiohttp/issues/5228>
_#4102 <https://github.com/aio-libs/aiohttp/issues/4102>
_