-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Show deprecation warning against --trusted-host with port part. #6710
Conversation
--trusted-host
with port part.
@frostming Does pip’s code support trusting an individual host-port combination without also trusting the host as a whole? |
@cjerdonek For HTTPS, yes, but HTTP will abort with a warning. So we should deprecate the usage of a host with a port part. |
I'm not sure yet. If it's useful, maybe we should be officially supporting that use case, and then update the documentation of |
Can you show what that abort and warning looks like, btw? |
@cjerdonek Here it is $ pip install -i http://localtest.me:5000 urllib3 --trusted-host localtest.me:5000
Looking in indexes: http://localtest.me:5000
Collecting urllib3
The repository located at localtest.me is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host localtest.me'.
Could not find a version that satisfies the requirement urllib3 (from versions: )
No matching distribution found for urllib3
I prefer pip to accept both and do corresponding handling. |
Sure, I created #6886 to track the discussion. |
Thanks! I noticed, and added some additional info to the ticket. |
Close this PR in favor of #6909 |
Following #6705 #6709