Disable following of redirects by default

.coveragerc

@@ -7,3 +7,4 @@ exclude_lines =
     if getattr(typing, 'TYPE_CHECKING', False):
     pragma: no cover
     @bottle.(get|post|route)
+    pytest.fail

bravado/fido_client.py

@@ -226,6 +226,7 @@ def prepare_request_for_twisted(request_params):
                 'url': string,
                 'timeout': float,  # optional
                 'connect_timeout': float,  # optional
+                'allow_redirects': bool,  # optional
             }
         """
 
@@ -244,7 +245,7 @@ def prepare_request_for_twisted(request_params):
             params=request_params.get('params'),
             files=request_params.get('files'),
             url=request_params.get('url'),
-            method=request_params.get('method')
+            method=request_params.get('method'),
         )
 
         # content-length was computed by 'requests' based on the current body

bravado/http_future.py

@@ -199,7 +199,7 @@ def response(
 
             swagger_result = self._get_swagger_result(incoming_response)
 
-            if self.operation is None and incoming_response.status_code >= 400:
+            if self.operation is None and incoming_response.status_code >= 300:
                 raise make_http_exception(response=incoming_response)
 
             # Trigger fallback_result if the option is set
@@ -276,7 +276,7 @@ def result(
                 return swagger_result, incoming_response
             return swagger_result
 
-        if 200 <= incoming_response.status_code < 400:
+        if 200 <= incoming_response.status_code < 300:
             return incoming_response
 
         raise make_http_exception(response=incoming_response)
@@ -410,13 +410,13 @@ def raise_on_unexpected(http_response):
 
 def raise_on_expected(http_response):
     # type: (IncomingResponse) -> None
-    """Raise an HTTPError if the response is non-2XX and non-3XX and matches
-    a response in the swagger spec.
+    """Raise an HTTPError if the response is non-2XX and matches a response
+    in the swagger spec.
 
     :param http_response: :class:`bravado_core.response.IncomingResponse`
     :raises: HTTPError
     """
-    if not 200 <= http_response.status_code < 400:
+    if not 200 <= http_response.status_code < 300:
         raise make_http_exception(
             response=http_response,
             swagger_result=http_response.swagger_result)

bravado/requests_client.py

@@ -286,7 +286,6 @@ def __init__(
         ssl_cert=None,  # type:  typing.Any
         future_adapter_class=RequestsFutureAdapter,  # type: typing.Type[RequestsFutureAdapter]
         response_adapter_class=RequestsResponseAdapter,  # type: typing.Type[RequestsResponseAdapter]
-        allow_redirects=False  # type: bool
     ):
         # type: (...) -> None
         """
@@ -306,7 +305,6 @@ def __init__(
         self.ssl_cert = ssl_cert
         self.future_adapter_class = future_adapter_class
         self.response_adapter_class = response_adapter_class
-        self.allow_redirects = allow_redirects
 
     def __hash__(self):
         # type: () -> int
@@ -363,7 +361,7 @@ def separate_params(
         misc_options = {
             'ssl_verify': self.ssl_verify,
             'ssl_cert': self.ssl_cert,
-            'allow_redirects': self.allow_redirects,
+            'allow_redirects': sanitized_params.pop('allow_redirects', False),
         }
 
         if 'connect_timeout' in sanitized_params:

bravado/testing/integration_test.py

@@ -16,8 +16,10 @@
 from bravado.client import SwaggerClient
 from bravado.exception import BravadoConnectionError
 from bravado.exception import BravadoTimeoutError
+from bravado.exception import HTTPMovedPermanently
 from bravado.http_client import HttpClient
 from bravado.http_future import FutureAdapter
+from bravado.requests_client import RequestsClient
 from bravado.swagger_model import Loader
 
 
@@ -492,15 +494,33 @@ def test_msgpack_support(self, swagger_http_server):
         assert response.headers['Content-Type'] == APP_MSGPACK
         assert unpackb(response.raw_bytes, encoding='utf-8') == API_RESPONSE
 
-    def test_redirects_are_not_followed(self, swagger_http_server):
+    def test_following_redirects(self, swagger_http_server):
+        # the FidoClient doesn't have a way to turn off redirects being followed
+        # so limit this test to the RequestsClient instead
+        if not isinstance(self.http_client, RequestsClient):
+            pytest.skip('Following redirects is only supported in the RequestsClient')
+
         response = self.http_client.request({
             'method': 'GET',
             'url': '{server_address}/redirect'.format(server_address=swagger_http_server),
             'params': {},
+            'allow_redirects': True,
         }).result(timeout=1)
 
-        assert response.status_code == 301
-        assert response.headers['Location'] == '/json'
+        assert isinstance(response, IncomingResponse) and response.status_code == 200
+
+    def test_redirects_are_not_followed(self, swagger_http_server):
+        try:
+            self.http_client.request({
+                'method': 'GET',
+                'url': '{server_address}/redirect'.format(server_address=swagger_http_server),
+                'params': {},
+            }).result(timeout=1)
+        except HTTPMovedPermanently as exc:
+            assert isinstance(exc.response, IncomingResponse) and exc.response.status_code == 301
+            assert isinstance(exc.response, IncomingResponse) and exc.response.headers['Location'] == '/json'
+        else:
+            pytest.fail("Expected exception was not raised")
 
     def test_timeout_errors_are_thrown_as_BravadoTimeoutError(self, swagger_http_server):
         if not self.http_future_adapter_type.timeout_errors: