session: Always cache responses from trusted-host source

news: Add news about default behaviour change
pypa · Mar 26, 2020 · 544c307 · 544c307
1 parent 65a9bec
commit 544c307
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/news/7847.feature b/news/7847.feature
@@ -0,0 +1 @@
+Change default behaviour to always cache responses from trusted-host source.
diff --git a/src/pip/_internal/network/session.py b/src/pip/_internal/network/session.py
@@ -271,25 +271,30 @@ def __init__(self, *args, **kwargs):
             backoff_factor=0.25,
         )
 
-        # We want to _only_ cache responses on securely fetched origins. We do
-        # this because we can't validate the response of an insecurely fetched
+        # Our Insecure HTTPAdapter disables HTTPS validation. It does not
+        # support caching so we'll use it for all http:// URLs.
+        # If caching is disabled, we will also use it for
+        # https:// hosts that we've marked as ignoring
+        # TLS errors for (trusted-hosts).
+        insecure_adapter = InsecureHTTPAdapter(max_retries=retries)
+
+        # We want to _only_ cache responses on securely fetched origins or when
+        # the host is specified as trusted. We do this because
+        # we can't validate the response of an insecurely/untrusted fetched
         # origin, and we don't want someone to be able to poison the cache and
         # require manual eviction from the cache to fix it.
         if cache:
             secure_adapter = CacheControlAdapter(
                 cache=SafeFileCache(cache),
                 max_retries=retries,
             )
+            self._trusted_host_adapter = InsecureCacheControlAdapter(
+                cache=SafeFileCache(cache),
+                max_retries=retries,
+            )
         else:
             secure_adapter = HTTPAdapter(max_retries=retries)
-
-        # Our Insecure HTTPAdapter disables HTTPS validation. It does not
-        # support caching (see above) so we'll use it for all http:// URLs as
-        # well as any https:// host that we've marked as ignoring TLS errors
-        # for.
-        insecure_adapter = InsecureHTTPAdapter(max_retries=retries)
-        # Save this for later use in add_trusted_host().
-        self._trusted_host_adapter = insecure_adapter
+            self._trusted_host_adapter = insecure_adapter
 
         self.mount("https://", secure_adapter)
         self.mount("http://", insecure_adapter)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Change default behaviour to always cache responses from trusted-host source.