use quote instead of quote_plus for RedirectResponse location header (#…

…1164) * use quote instead of quote_plus for RedirectResponse location header adjust safe characters: rem. duplicate & symbol add test for redirect quoting * remove unused import Co-authored-by: Jamie Hewland <jhewland@gmail.com>
encode · Apr 14, 2021 · f997938 · f997938
1 parent 995d70c
commit f997938
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/starlette/responses.py b/starlette/responses.py
@@ -7,7 +7,7 @@
 import typing
 from email.utils import formatdate
 from mimetypes import guess_type as mimetypes_guess_type
-from urllib.parse import quote, quote_plus
+from urllib.parse import quote
 
 from starlette.background import BackgroundTask
 from starlette.concurrency import iterate_in_threadpool, run_until_first_complete
@@ -178,7 +178,7 @@ def __init__(
         super().__init__(
             content=b"", status_code=status_code, headers=headers, background=background
         )
-        self.headers["location"] = quote_plus(str(url), safe=":/%#?&=@[]!$&'()*+,;")
+        self.headers["location"] = quote(str(url), safe=":/%#?=@[]!$&'()*+,;")
 
 
 class StreamingResponse(Response):

diff --git a/tests/test_responses.py b/tests/test_responses.py
@@ -60,6 +60,20 @@ async def app(scope, receive, send):
     assert response.url == "http://testserver/"
 
 
+def test_quoting_redirect_response():
+    async def app(scope, receive, send):
+        if scope["path"] == "/I ♥ Starlette/":
+            response = Response("hello, world", media_type="text/plain")
+        else:
+            response = RedirectResponse("/I ♥ Starlette/")
+        await response(scope, receive, send)
+
+    client = TestClient(app)
+    response = client.get("/redirect")
+    assert response.text == "hello, world"
+    assert response.url == "http://testserver/I%20%E2%99%A5%20Starlette/"
+
+
 def test_streaming_response():
     filled_by_bg_task = ""