feat: Allow the request URL to be used for subsequent requests

[zanieb]

Per discussion in astral-sh/uv#2843

It is not always correct to use the response URL for subsequent requests, so we allow the URL to be provided.

[zanieb]

I don't love this name

[zanieb]

I tried to set up a test case that used redirects but it was kind of a pain? I'm not sure what kind of testing you think is valuable here.

[torarvid]

After I made #15, I also added a commit that has a test for this in my own fork. It adds an endpoint to the unit-test http server that redirects based on the HTTP method used, and that target URL returns 405 Method Not Allowed if called with another method: torarvid#1

(Didn't want to add it to #15 to keep the PR size manageable, but I can if it's wanted)

[zanieb]

This, in particular, is awkward. Perhaps we should have a different API instead? Like AsyncHttpRangeReader::from_head_response_custom_url?

I feel like similar to my commentary in #9 it'd be nice to have some sort of Builder type that can be constructed and mutated before the AsyncHttpRangeReader itself.

[baszalmstra]

Yeah I agree that a builder would be a lot nicer now that the options are increasing. Would you be able to wip something up?

[zanieb]

I can look into it! It might not be quick though :)

[torarvid]

Sorry if I'm overstepping, but I felt like trying to make a Builder, so I opened #15 😄

[zanieb]

Oh thanks! I had just asked @charliermarsh to look into this because I was too busy. We'll review it :)

[charliermarsh]

Is it ever correct to use the response URL?

[zanieb]

That's a good question, is there a RFC about HEAD/GET range requests?

(this implementation is based on @baszalmstra's comment that either may be preferred)

[baszalmstra]

I think only when signed redirects are used this doesnt work. In other cases the extra hops might be avoidable.

[zanieb]

That makes sense, it's definitely less efficient to do an extra hop on every subsequent request. I guess it's possible something would return a 302 for HEAD but not for GET but that seems really weird?

[baszalmstra]

maybe in the comments we could explain the tradeoff?

[zanieb]

Yeah I can definitely explain the cases.

[torarvid]

That's a good question, is there a RFC about HEAD/GET range requests?

@zanieb The RFC that covers Range requests seems to be section 14 of the HTTP Semantics one: https://datatracker.ietf.org/doc/html/rfc9110#name-range-requests

(I first found https://datatracker.ietf.org/doc/html/rfc7233, but it says that it's obsoleted by RFC9110)

[torarvid]

Is it ever correct to use the response URL?

To me it feels like an optimization that I can't find being discussed in the HTTP rfc, and if I'm right about that it sounds like something that maybe shouldn't be the default at least, but something you opt into if you know you'll never hit cases like the Amazon links in your application...

[baszalmstra]

Yeah after reading up on this some more I think I agree. @zanieb If you need a quick fix I would be happy to change the default for now without it being configurable.

[charliermarsh]

I think if we shipped a change to the default here, I'd probably upgrade us immediately since we still see reports around this.

[baszalmstra]

@zanieb Do you think you will get back to this PR? Im fine with keeping it simple and using the request url instead of the response url.

[zanieb]

@baszalmstra sure I can open a new pull request that does that

[charliermarsh]

I put one up here: #16

[zanieb]

I think #16 and #15 both make more sense than this