fix: correctness and security hardening across the HTTP stack

[OmarAlJarrah]

Summary

A focused correctness and security pass over the HTTP stack — the pipeline policies, the four transport adapters, and the serde/pagination/streaming layers. The issues here mostly live in cross-layer interactions and transport wire behaviour that the existing unit tests didn't exercise.

Pipeline & auth

• Credentials no longer follow cross-origin redirects. The credential policies are now origin-aware: after a redirect to a different host they stop re-stamping the bearer/basic/key credential onto the foreign request. The redirect policy strips a caller-set Authorization only on cross-origin hops, so ordinary same-origin redirects (e.g. a trailing-slash 301) keep it.
• Retry body handling. Single-use body buffering is decided from the effective per-call retry total (not just the constructor default), so a per-call retry_total override no longer crashes a streamed body mid-retry. Non-idempotent methods (POST/PATCH) are no longer retried on read-phase errors, where the request may already have been processed. Async body buffering runs off the event loop.
• Pipeline ownership. Building a pipeline from a policy instance already wired into another pipeline now raises instead of silently corrupting the first pipeline's chain.

Transports

• requests: never send Content-Length and Transfer-Encoding: chunked together (the previous behaviour sent an unframed body under both headers). Known-length bodies are framed by length and streamed without buffering into memory; unknown-length bodies are chunked with any stale Content-Length removed. Only a session the client created is closed; repeated response headers (e.g. Set-Cookie) are preserved; the negotiated HTTP version is reported; a Content-Length that would misdescribe a decompressed body is dropped.
• urllib: stop following redirects inside the transport so 3xx responses reach the pipeline's redirect policy (and its credential-stripping) instead of being followed silently with the original headers. Response-read failures are mapped into the SDK error hierarchy.
• asyncio: send Host with the port for non-default ports; apply a caller-supplied SSL context only to https URLs; reject chunked responses and read connection-close-framed bodies to EOF instead of fabricating an empty body; detect chunked across multiple Transfer-Encoding lines; buffer the request body off the event loop.
• httpx / aiohttp: set Content-Length for known-length bodies (instead of always chunking) and pump sync body iterators on a worker thread rather than the event loop.
• All transports preserve a valid-but-unregistered status code instead of discarding the live response.

Serde, pagination, streaming, multipart

• Codec decodes Annotated[...] fields (including annotated Tristate) correctly, guards recursion depth, and wraps conversion failures in CodecError.
• Link-header pagination reads every Link line and tolerates commas inside the target URI; cursor pagination accepts non-string cursors; malformed JSON pages surface DeserializationError.
• JSONL and SSE decoding map invalid UTF-8 onto the streaming error contract.
• Multipart rejects CR/LF/NUL in field names, filenames, media types, custom part headers, and the boundary, closing several header-injection vectors.

Also includes the digest nonce-count reset, per-operation (rather than per-attempt) tracing events, fail-closed URL redaction, more robust proxy-configuration parsing, and a number of smaller correctness and documentation fixes.

Public API

One intentional signature change: HttpTracer.request_sent now accepts int | None so an unknown-length upload still emits the event. The committed surface baseline is regenerated accordingly.

Testing

uv run pytest -q → 1398 passed (242 new regression tests), uv run mypy --strict clean, uv run ruff check / ruff format --check clean.

🤖 Generated with Claude Code