Asynchronous HTTP client/server framework for asyncio and Python
Upgraded the vendored copy of llhttp_ to v9.1.3 -- by :user:Dreamsorcerer
Thanks to :user:kenballus for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
.. _llhttp: https://llhttp.org
(#7647)
Updated Python parser to comply with RFCs 9110/9112 -- by :user:Dreamorcerer
Thanks to :user:kenballus for reporting this, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
(#7663)
Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as a default. If this feature is needed,
please use fallback_charset_resolver <https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection>_.
(#7561)
Enabled lenient response parsing for more flexible parsing in the client
(this should resolve some regressions when dealing with badly formatted HTTP responses). -- by :user:Dreamsorcerer
(#7490)
Fixed PermissionError when .netrc is unreadable due to permissions.
(#7237)
Fixed output of parsing errors pointing to a \n. -- by :user:Dreamsorcerer
(#7468)
Fixed GunicornWebWorker max_requests_jitter not working.
(#7518)
Fixed sorting in filter_cookies to use cookie with longest path. -- by :user:marq24.
(#7577)
Fixed display of BadStatusLine messages from llhttp_. -- by :user:Dreamsorcerer
(#7651)
Upgraded the vendored copy of llhttp_ to v8.1.1 -- by :user:webknjaz
and :user:Dreamsorcerer.
Thanks to :user:sethmlarson for reporting this and providing us with
comprehensive reproducer, workarounds and fixing details! For more
information, see
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w.
.. _llhttp: https://llhttp.org
(#7346)
Added information to C parser exceptions to show which character caused the error. -- by :user:Dreamsorcerer
(#7366)
Fixed a transport is :data:None error -- by :user:Dreamsorcerer.
(#3355)
.. attention::
This is the last :doc:aiohttp <index> release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.
Increased the upper boundary of the :doc:multidict:index dependency
to allow for the version 6 -- by :user:hugovk.
It used to be limited below version 7 in :doc:aiohttp <index> v3.8.1 but
was lowered in v3.8.2 via :pr:6550 and never brought back, causing
problems with dependency pins when upgrading. :doc:aiohttp <index> v3.8.3
fixes that by recovering the original boundary of < 7.
(#6950)
.. note::
This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.
.. caution::
This release has been yanked from PyPI. Modern pip will not pick it
up automatically. The reason is that is has multidict < 6 set in
the distribution package metadata (see :pr:6950). Please, use
aiohttp ~= 3.8.3, != 3.8.1 instead, if you can.
Added support for registering :rfc:OPTIONS <9110#OPTIONS>
HTTP method handlers via :py:class:~aiohttp.web.RouteTableDef.
(#4663)
Started supporting :rfc:authority-form <9112#authority-form> and
:rfc:absolute-form <9112#absolute-form> URLs on the server-side.
(#6227)
Fixed Python 3.11 incompatibilities by using Cython 0.29.25. (#6396)
Extended the sock argument typing declaration of the
:py:func:~aiohttp.web.run_app function as optionally
accepting iterables.
(#6401)
Fixed a regression where :py:exc:~asyncio.CancelledError
occurs on client disconnection.
(#6719)
Started exporting :py:class:~aiohttp.web.PrefixedSubAppResource
under :py:mod:aiohttp.web -- by :user:Dreamsorcerer.
This fixes a regression introduced by :pr:3469.
(#6889)
Dropped the :class:object type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)
sock argument typing declaration of the
:py:func:~aiohttp.web.run_app function as optionally
accepting iterables.
(#6401)object type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)aiohttp <index> only works
under Python 3.6 and higher from now on.
(#4046)pytest.warns(None) <pytest.warns> in tests.
(#6663).. note::
This release has some compatibility fixes for Python 3.11 but it may still have some quirks. Some tests are still flaky in the CI.
.. attention::
This is the last :doc:aiohttp <index> release tested under
Python 3.6. The 3.9 stream is dropping it from the CI and the
distribution package metadata.
Added support for registering :rfc:OPTIONS <9110#OPTIONS>
HTTP method handlers via :py:class:~aiohttp.web.RouteTableDef.
(#4663)
Started supporting :rfc:authority-form <9112#authority-form> and
:rfc:absolute-form <9112#absolute-form> URLs on the server-side.
(#6227)
Fixed Python 3.11 incompatibilities by using Cython 0.29.25. (#6396)
Extended the sock argument typing declaration of the
:py:func:~aiohttp.web.run_app function as optionally
accepting iterables.
(#6401)
Fixed a regression where :py:exc:~asyncio.CancelledError
occurs on client disconnection.
(#6719)
Started exporting :py:class:~aiohttp.web.PrefixedSubAppResource
under :py:mod:aiohttp.web -- by :user:Dreamsorcerer.
This fixes a regression introduced by :pr:3469.
(#6889)
Dropped the :class:object type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)
sock argument typing declaration of the
:py:func:~aiohttp.web.run_app function as optionally
accepting iterables.
(#6401)object type possibility from
the :py:attr:aiohttp.ClientSession.timeout
property return type declaration.
(#6917),
(#6923)aiohttp <index> only works
under Python 3.6 and higher from now on.
(#4046)pytest.warns(None) <pytest.warns> in tests.
(#6663)getaddrinfo.
getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6 option but his system enable the ipv6.
(#5901)Signal from __all__, replace aiohttp.Signal with aiosignal.Signal in docs
(#6201)Dreamsorcerer.
(#6278)Added a GunicornWebWorker feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner object.
(#2988)_
Switch from http-parser to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler.
(#4686)_
AioHTTPTestCase is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase class,
without using the decorator @unittest_run_loop, just async def test_*.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear.
Add AbstractCookieJar.clear_domain to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1") to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app().
This adds better compatibility with asyncio.run() or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient for static typing of pytest plugin.
(#5585)_
Added a socket_factory argument to BaseTestServer.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi.
(#5927)_
Switched chardet to charset-normalizer for guessing the HTTP payload body encoding -- :user:Ousret.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio supports it -- by :user:bmbouter,
:user:jborean93 and :user:webknjaz.
(#5992)_
Added base_url parameter to the initializer of :class:~aiohttp.ClientSession.
(#6013)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk.
(#6079)_
Started shipping platform-specific wheels with the musl tag targeting typical Alpine Linux runtimes — :user:asvetlov.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov.
(#6139)_
await resp.write(...) or ws.send_json(...) calls without race-condition.
(#2934)
MultiLoopChildWatcher when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy environment variables.
(#4431)_routes.static('/foo', '/foo') no longer matches the URL /foobar. Previously, this would attempt to load the file /foo/ar.
(#5250)_andWSRequestContextManager``
(#5329)
ClientResponse object on calls to the ok property for the failed requests.
(#5403)_params keyword argument in tracing URL.
(#5432)_tempfile.Temporaryfile-created
_io.BufferedRandom instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz.
(#5494)_tests/autobahn/server.py with call to web.run_app; replace deprecated aiohttp.ws_connect calls in tests/autobahn/client.py with aiohttp.ClienSession.ws_connect.
(#5606)_HTTPUnauthorized that access the text argument. This is not used in any part of the code, so it's removed now.
(#5657)_params keyword argument to ClientSession.ws_connect. -- :user:hoh.
(#5868)_~asyncio.ThreadedChildWatcher under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo.
getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6 option but his system enable the ipv6.
(#5901)_loop argument from the asyncio.sleep/gather calls
(#5905)_None from request.if_modified_since, request.if_unmodified_since, request.if_range and response.last_modified when corresponding http date headers are invalid.
(#5925)_SIGCHLD signals in Gunicorn aiohttp Worker to fix subprocesses that capture output having an incorrect returncode.
(#6130)_400: Content-Length can't be present with Transfer-Encoding if both Content-Length and Transfer-Encoding are sent by peer by both C and Python implementations
(#6182)_aio-openapi
(#5326)_Authorization header is removed
on redirects to a different host or protocol.
(#5850)_chardet runtime dependency
to allow their v4.0 version stream.
(#5366)_Added a GunicornWebWorker feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner object.
(#2988)_
Switch from http-parser to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler.
(#4686)_
AioHTTPTestCase is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase class,
without using the decorator @unittest_run_loop, just async def test_*.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear.
Add AbstractCookieJar.clear_domain to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1") to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app().
This adds better compatibility with asyncio.run() or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient for static typing of pytest plugin.
(#5585)_
Added a socket_factory argument to BaseTestServer.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi.
(#5927)_
Switched chardet to charset-normalizer for guessing the HTTP payload body encoding -- :user:Ousret.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio supports it -- by :user:bmbouter,
:user:jborean93 and :user:webknjaz.
(#5992)_
Added base_url parameter to the initializer of :class:~aiohttp.ClientSession.
(#6013)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk.
(#6079)_
Started shipping platform-specific wheels with the musl tag targeting typical Alpine Linux runtimes — :user:asvetlov.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov.
(#6139)_
await resp.write(...) or ws.send_json(...) calls without race-condition.
(#2934)
MultiLoopChildWatcher when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy environment variables.
(#4431)_routes.static('/foo', '/foo') no longer matches the URL /foobar. Previously, this would attempt to load the file /foo/ar.
(#5250)_andWSRequestContextManager``
(#5329)
ClientResponse object on calls to the ok property for the failed requests.
(#5403)_params keyword argument in tracing URL.
(#5432)_tempfile.Temporaryfile-created
_io.BufferedRandom instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz.
(#5494)_tests/autobahn/server.py with call to web.run_app; replace deprecated aiohttp.ws_connect calls in tests/autobahn/client.py with aiohttp.ClienSession.ws_connect.
(#5606)_HTTPUnauthorized that access the text argument. This is not used in any part of the code, so it's removed now.
(#5657)_params keyword argument to ClientSession.ws_connect. -- :user:hoh.
(#5868)_~asyncio.ThreadedChildWatcher under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo.
getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6 option but his system enable the ipv6.
(#5901)_loop argument from the asyncio.sleep/gather calls
(#5905)_None from request.if_modified_since, request.if_unmodified_since, request.if_range and response.last_modified when corresponding http date headers are invalid.
(#5925)_SIGCHLD signals in Gunicorn aiohttp Worker to fix subprocesses that capture output having an incorrect returncode.
(#6130)_400: Content-Length can't be present with Transfer-Encoding if both Content-Length and Transfer-Encoding are sent by peer by both C and Python implementations
(#6182)_aio-openapi
(#5326)_Authorization header is removed
on redirects to a different host or protocol.
(#5850)_chardet runtime dependency
to allow their v4.0 version stream.
(#5366)_Added a GunicornWebWorker feature for extending the aiohttp server configuration by allowing the 'wsgi' coroutine to return web.AppRunner object.
(#2988)_
Switch from http-parser to llhttp
(#3561)_
Use Brotli instead of brotlipy (#3803)_
Disable implicit switch-back to pure python mode. The build fails loudly if aiohttp cannot be compiled with C Accelerators. Use AIOHTTP_NO_EXTENSIONS=1 to explicitly disable C Extensions complication and switch to Pure-Python mode. Note that Pure-Python mode is significantly slower than compiled one. (#3828)_
Make access log use local time with timezone (#3853)_
Implemented readuntil in StreamResponse
(#4054)_
FileResponse now supports ETag. (#4594)_
Add a request handler type alias aiohttp.typedefs.Handler.
(#4686)_
AioHTTPTestCase is more async friendly now.
For people who use unittest and are used to use :py:exc:~unittest.TestCase
it will be easier to write new test cases like the sync version of the :py:exc:~unittest.TestCase class,
without using the decorator @unittest_run_loop, just async def test_*.
The only difference is that for the people using python3.7 and below a new dependency is needed, it is asynctestcase.
(#4700)_
Add validation of HTTP header keys and values to prevent header injection. (#4818)_
Add predicate to AbstractCookieJar.clear.
Add AbstractCookieJar.clear_domain to clean all domain and subdomains cookies only.
(#4942)_
Add keepalive_timeout parameter to web.run_app. (#5094)_
Tracing for client sent headers (#5105)_
Make type hints for http parser stricter (#5267)_
Add final declarations for constants. (#5275)_
Switch to external frozenlist and aiosignal libraries. (#5293)_
Don't send secure cookies by insecure transports.
By default, the transport is secure if https or wss scheme is used.
Use CookieJar(treat_as_secure_origin="http://127.0.0.1") to override the default security checker.
(#5571)_
Always create a new event loop in aiohttp.web.run_app().
This adds better compatibility with asyncio.run() or if trying to run multiple apps in sequence.
(#5572)_
Add aiohttp.pytest_plugin.AiohttpClient for static typing of pytest plugin.
(#5585)_
Added a socket_factory argument to BaseTestServer.
(#5844)_
Add compression strategy parameter to enable_compression method. (#5909)_
Added support for Python 3.10 to Github Actions CI/CD workflows and fix the related deprecation warnings -- :user:Hanaasagi.
(#5927)_
Switched chardet to charset-normalizer for guessing the HTTP payload body encoding -- :user:Ousret.
(#5930)_
Added optional auto_decompress argument for HttpRequestParser (#5957)_
Added support for HTTPS proxies to the extent CPython's
:py:mod:asyncio supports it -- by :user:bmbouter,
:user:jborean93 and :user:webknjaz.
(#5992)_
Add Trove classifier and create binary wheels for 3.10. -- :user:hugovk.
(#6079)_
Started shipping platform-specific wheels with the musl tag targeting typical Alpine Linux runtimes — :user:asvetlov.
(#6139)_
Started shipping platform-specific arm64 wheels for Apple Silicon — :user:asvetlov.
(#6139)_
await resp.write(...) or ws.send_json(...) calls without race-condition.
(#2934)
MultiLoopChildWatcher when it's available under POSIX while setting up the test I/O loop.
(#3450)_no_proxy environment variables.
(#4431)_andWSRequestContextManager``
(#5329)
ClientResponse object on calls to the ok property for the failed requests.
(#5403)_params keyword argument in tracing URL.
(#5432)_tempfile.Temporaryfile-created
_io.BufferedRandom instances of files sent within multipart request
bodies via HTTP POST requests -- by :user:webknjaz.
(#5494)_tests/autobahn/server.py with call to web.run_app; replace deprecated aiohttp.ws_connect calls in tests/autobahn/client.py with aiohttp.ClienSession.ws_connect.
(#5606)_HTTPUnauthorized that access the text argument. This is not used in any part of the code, so it's removed now.
(#5657)_params keyword argument to ClientSession.ws_connect. -- :user:hoh.
(#5868)_~asyncio.ThreadedChildWatcher under POSIX to allow setting up test loop in non-main thread.
(#5877)_getaddrinfo.
getaddrinfo will return an (int, bytes) tuple, if CPython could not handle the address family.
It will cause a index out of range error in aiohttp. For example, if user compile CPython with
--disable-ipv6 option but his system enable the ipv6.
(#5901)_loop argument from the asyncio.sleep/gather calls
(#5905)_None from request.if_modified_since, request.if_unmodified_since, request.if_range and response.last_modified when corresponding http date headers are invalid.
(#5925)_SIGCHLD signals in Gunicorn aiohttp Worker to fix subprocesses that capture output having an incorrect returncode.
(#6130)_aio-openapi
(#5326)_Authorization header is removed
on redirects to a different host or protocol.
(#5850)_chardet runtime dependency
to allow their v4.0 version stream.
(#5366)_#3803 <https://github.com/aio-libs/aiohttp/issues/3803>_#4077 <https://github.com/aio-libs/aiohttp/issues/4077>_#3532 <https://github.com/aio-libs/aiohttp/issues/3532>_web_middlewares.normalize_path_middleware behavior for patch without slash.
#3669 <https://github.com/aio-libs/aiohttp/issues/3669>_#3701 <https://github.com/aio-libs/aiohttp/issues/3701>_BaseConnector.close() a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
#3736 <https://github.com/aio-libs/aiohttp/issues/3736>_sock_read timeout each time data is received for a aiohttp.client response.
#3808 <https://github.com/aio-libs/aiohttp/issues/3808>_#3880 <https://github.com/aio-libs/aiohttp/issues/3880>_#5156 <https://github.com/aio-libs/aiohttp/issues/5156>_#5163 <https://github.com/aio-libs/aiohttp/issues/5163>_#5230 <https://github.com/aio-libs/aiohttp/issues/5230>_aiohttp.web.FileResponse.
#3958 <https://github.com/aio-libs/aiohttp/issues/3958>_#3964 <https://github.com/aio-libs/aiohttp/issues/3964>_aiohttp.client.request.
#4603 <https://github.com/aio-libs/aiohttp/issues/4603>_#5228 <https://github.com/aio-libs/aiohttp/issues/5228>_#4102 <https://github.com/aio-libs/aiohttp/issues/4102>_