Request using trio asks returns a different response than with requests and aiohttp

Question

Right, hello, so I'm trying to implement opticard (loyality card services) with my webapp using trio and asks (https://asks.readthedocs.io/).

So I'd like to send a request to their inquiry api: Here goes using requests:

import requests
r = requests.post("https://merchant.opticard.com/public/do_inquiry.asp", data={'company_id':'Dt', 'FirstCardNum1':'foo', 'g-recaptcha-response':'foo','submit1':'Submit'})

This will return "Invalid ReCaptcha" and this is normal, and what I want

Same thing using aiohttp:

import asyncio
import aiohttp

async def fetch(session, url):
    async with session.post(url, data={'company_id':'Dt', 'FirstCardNum1':'foo', 'g-recaptcha-response':'foo','submit1':'Submit'} ) as response:
        return await response.text()

async def main():
    async with aiohttp.ClientSession() as session:
        html = await fetch(session, 'https://merchant.opticard.com/public/do_inquiry.asp')
        print(html)

loop = asyncio.get_event_loop()
loop.run_until_complete(main())

Now this also returns "Invalid ReCaptcha", so that's all nice and good.

However now, using trio/asks:

import asks
import trio

async def example():
    r = await asks.post('https://merchant.opticard.com/public/do_inquiry.asp', data={'company_id':'Dt', 'FirstCardNum1':'foo', 'g-recaptcha-response':'foo','submit1':'Submit'})
    print(r.text)
trio.run(example)

This returns a completely different response with 'Your session has expired to protect your account. Please login again.', this error/message can be accessed normally when inputting an invalid url such as 'https://merchant.opticard.com/do_inquiry.asp' instead of 'https://merchant.opticard.com/public/do_inquiry.asp'.

I have no idea where this error is coming from, I tried setting headers, cookies, encoding, nothing seems to make it work. I tried replicating the issue, but the only way I managed to replicate the result with aiohttp and requests is by setting an incorrect url like 'https://merchant.opticard.com/do_inquiry.asp' instead of 'https://merchant.opticard.com/public/do_inquiry.asp'.

This must be an issue from asks, maybe due to encoding or formatting, but I've been using asks for over a year and never had an issue where a simple post request with data would return differently on asks compared to everywhere else. And I'm baffled as I can't understand why this is happening, it couldn't possibly be a formatting error on asks' part because if so how come this is the first time something like this has ever happened after using it for over a year?

score 3 · Accepted Answer · answered Jul 18 '19 at 11:46

This is a bug how asks handles redirection when a non-standard location is received.

The server returns a 302 redirection with Location: inquiry.asp?... while asks expects it to be a full URL. You may want to file a bug report to asks.

How did I find this? A good way to go is to use a proxy (e.g. mitmproxy) to inspect the traffic. However asks doesn't support proxies. So I turned to wireshark instead and use a program to extract TLS keys so wireshark can decrypt the traffic.

Thanks a lot! I will open a bug report right now! :) – Tom Jul 18 '19 at 14:51 — Tom, Jul 18 '19 at 14:51

Request using trio asks returns a different response than with requests and aiohttp

1 Answers1