Requests defaulting to .netrc

[nickpeihl]

Hey, I'm not sure if this is a bug, but it was something that really messed up my afternoon. I was unable to get app-search-python to authenticate with a valid API key. The error I was getting is InvalidCredentials: Unauthorized.

I watched the POST request in Wireshark and discovered that it was sending an entirely different Authentication header. I finally realized that the Requests library was defaulting to my .netrc setting.

From the Requests documentation (emphasis mine).

If no authentication method is given with the auth argument, Requests will attempt to get the authentication credentials for the URL’s hostname from the user’s netrc file. The netrc file overrides raw HTTP authentication headers set with headers=.

So I wonder if we can provide the auth parameter to Requests to avoid this?

An example of my $HOME/.netrc file is posted below.

machine localhost
login elastic
password mysecret