当我使用 API 令牌在 https URL 上启动以下 cURL 命令时,我得到了预期的响应(存储中的文件列表):
curl -H "Authorization: Bearer <TOKEN>" "https://my_website.com:443/api/storage"
。
但是,当我在 Python 中尝试使用
requests.get
时:
url = "https://my_website.com:443/api/storage"
token = "..."
headers = {'Authorization': f"Bearer {token}"}
resp = requests.get(url, headers=headers)
resp.json()
我遇到如下身份验证错误:
---------------------------------------------------------------------------
SSLCertVerificationError Traceback (most recent call last)
File c:\AnsysDev\Python311\Lib\site-packages\urllib3\connectionpool.py:467, in HTTPConnectionPool._make_request(self, conn, method, url, body, headers, retries, timeout, chunked, response_conn, preload_content, decode_content, enforce_content_length)
466 try:
--> 467 self._validate_conn(conn)
468 except (SocketTimeout, BaseSSLError) as e:
...
File c:\AnsysDev\Python311\Lib\site-packages\requests\adapters.py:517, in HTTPAdapter.send(self, request, stream, timeout, verify, cert, proxies)
513 raise ProxyError(e, request=request)
515 if isinstance(e.reason, _SSLError):
516 # This branch is for urllib3 v1.22 and later.
--> 517 raise SSLError(e, request=request)
519 raise ConnectionError(e, request=request)
521 except ClosedPoolError as e:
SSLError: HTTPSConnectionPool(host='my_website.com', port=443): Max retries exceeded with url: /api/storage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1006)')))
为什么行为不同?
我尝试添加参数
allow_redirects=False
、allow_redirects=True
(也是默认值),并且我尝试使用 requests.Session
设置令牌(见下文),但它们都会导致相同的错误:
session = requests.Session()
session.headers.update(headers)
response = session.get(url)
response.json()
根据您对
requests.get
的调用的回溯,这似乎是认证验证错误(SSLCertVerificationError
),可能是因为您网站中的认证使用自签名SSL证书([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain
)。
要解决这个问题,你可以用参数调用
verify=False
:
resp = requests.get(url, headers=headers, verify=False)
resp.json()
然后您可能会看到警告:
InsecureRequestWarning: Unverified HTTPS request is being made to host 'my_website.com'. Adding certificate verification is strongly advised.
。
要禁用它,您可以使用
urllib3
中的以下命令:
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
如果您想在通话级别禁用此警告,您可以这样做:
import urllib3
import warnings
import requests
url = "https://my_website.com:443/api/storage"
token = "..."
headers = {'Authorization': f"Bearer {token}"}
with warnings.catch_warnings():
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
resp = requests.get(url, headers=headers, verify=False)
json_data = resp.json()
相关问题: