From dbcbb9af6d54824d47641f75c7aa470500f04904 Mon Sep 17 00:00:00 2001
From: florimondmanca <florimond.manca@gmail.com>
Date: Sat, 1 Aug 2020 11:13:13 +0200
Subject: [PATCH 1/2] Drop HSTS Preloading

---
 README.md                   |  1 -
 docs/index.md               |  1 -
 httpx/_client.py            | 11 +----------
 setup.cfg                   |  2 +-
 setup.py                    |  1 -
 tests/client/test_client.py | 19 ++-----------------
 6 files changed, 4 insertions(+), 31 deletions(-)

diff --git a/README.md b/README.md
index d262045f34..9ce2311ed8 100644
--- a/README.md
+++ b/README.md
@@ -113,7 +113,6 @@ The HTTPX project relies on these excellent libraries:
   * `h2` - HTTP/2 support.
 * `certifi` - SSL certificates.
 * `chardet` - Fallback auto-detection for response encoding.
-* `hstspreload` - determines whether IDNA-encoded host should be only accessed via HTTPS.
 * `idna` - Internationalized domain name support.
 * `rfc3986` - URL parsing & normalization.
 * `sniffio` - Async library autodetection.
diff --git a/docs/index.md b/docs/index.md
index 7f7ecee6c5..1241069133 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -111,7 +111,6 @@ The HTTPX project relies on these excellent libraries:
   * `h2` - HTTP/2 support.
 * `certifi` - SSL certificates.
 * `chardet` - Fallback auto-detection for response encoding.
-* `hstspreload` - determines whether IDNA-encoded host should be only accessed via HTTPS.
 * `idna` - Internationalized domain name support.
 * `rfc3986` - URL parsing & normalization.
 * `sniffio` - Async library autodetection.
diff --git a/httpx/_client.py b/httpx/_client.py
index a718649e4a..0812bbc78f 100644
--- a/httpx/_client.py
+++ b/httpx/_client.py
@@ -2,7 +2,6 @@
 import typing
 from types import TracebackType
 
-import hstspreload
 import httpcore
 
 from ._auth import Auth, BasicAuth, FunctionAuth
@@ -205,15 +204,7 @@ def _merge_url(self, url: URLTypes) -> URL:
         Merge a URL argument together with any 'base_url' on the client,
         to create the URL used for the outgoing request.
         """
-        url = self.base_url.join(relative_url=url)
-        if (
-            url.scheme == "http"
-            and hstspreload.in_hsts_preload(url.host)
-            and len(url.host.split(".")) > 1
-        ):
-            port = None if url.port == 80 else url.port
-            url = url.copy_with(scheme="https", port=port)
-        return url
+        return self.base_url.join(relative_url=url)
 
     def _merge_cookies(
         self, cookies: CookieTypes = None
diff --git a/setup.cfg b/setup.cfg
index 6732488f63..abf929021e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -14,7 +14,7 @@ check_untyped_defs = True
 profile = black
 combine_as_imports = True
 known_first_party = httpx,tests
-known_third_party = brotli,certifi,chardet,cryptography,hstspreload,httpcore,pytest,rfc3986,setuptools,sniffio,trio,trustme,uvicorn
+known_third_party = brotli,certifi,chardet,cryptography,httpcore,pytest,rfc3986,setuptools,sniffio,trio,trustme,uvicorn
 
 [tool:pytest]
 addopts = --cov=httpx --cov=tests -rxXs
diff --git a/setup.py b/setup.py
index cc6216992c..4ce68e113f 100644
--- a/setup.py
+++ b/setup.py
@@ -56,7 +56,6 @@ def get_packages(package):
     zip_safe=False,
     install_requires=[
         "certifi",
-        "hstspreload",
         "sniffio",
         "chardet==3.*",
         "idna==2.*",
diff --git a/tests/client/test_client.py b/tests/client/test_client.py
index 073cebf98d..20e97ddc0c 100644
--- a/tests/client/test_client.py
+++ b/tests/client/test_client.py
@@ -177,20 +177,5 @@ def test_base_url(server):
 def test_merge_url():
     client = httpx.Client(base_url="https://www.paypal.com/")
     request = client.build_request("GET", "http://www.paypal.com")
-    assert request.url.scheme == "https"
-    assert request.url.is_ssl
-
-
-@pytest.mark.parametrize(
-    "url,scheme,is_ssl",
-    [
-        ("http://www.paypal.com", "https", True),
-        ("http://app", "http", False),
-        ("http://192.168.1.42", "http", False),
-    ],
-)
-def test_merge_url_hsts(url: str, scheme: str, is_ssl: bool):
-    client = httpx.Client()
-    request = client.build_request("GET", url)
-    assert request.url.scheme == scheme
-    assert request.url.is_ssl == is_ssl
+    assert request.url.scheme == "http"
+    assert not request.url.is_ssl

From 75789f6ba96fef655aea412766fda914d2bad108 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Wed, 5 Aug 2020 12:59:09 +0100
Subject: [PATCH 2/2] Update test_client.py

---
 tests/client/test_client.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/client/test_client.py b/tests/client/test_client.py
index fc98dd5e65..ea57c11c35 100644
--- a/tests/client/test_client.py
+++ b/tests/client/test_client.py
@@ -175,9 +175,10 @@ def test_base_url(server):
 
 
 def test_merge_url():
-    client = httpx.Client(base_url="https://www.paypal.com/")
-    request = client.build_request("GET", "http://www.paypal.com")
+    client = httpx.Client(base_url="https://www.example.com/")
+    request = client.build_request("GET", "http://www.example.com")
     assert request.url.scheme == "http"
+    assert not request.url.is_ssl
 
 
 def test_pool_limits_deprecated():