I would like to add support for CIDR notation in the NO_PROXY environment to Python (=urllib)
I happen to maintain a large playbook in Ansible, which rely on python, and usually can’t use anything else than stdlib for its module, so can’t support CIDR in no_proxy.
(Ansible issue in question)
I expect the benefits would be larger than just the ansible ecosystem, though. This would basically be the Python part of this Gitlab blog
I noticed there is another issue open in cpython/python which I would tackle at the same time regarding supporting ‘’ in domains (aka = '.my.domain.com’ == ‘.mydomain.com’ in NO_PROXY):
It is not that standard, see We need to talk: Can we standardize NO_PROXY? . Supporting it means extra work and we should be careful. Nonetheless, it could be a legitimate feature request if someone actually writes a PR with good tests, and changelog. Note that we would only support it from Python 3.15 and onwards as it’s a new feature.
I did not open a PR initially even though I started an implementation because IIRC, the contribution guide (can’t remember where exactly) mentioned opening a discussion here before, I think, and demonstrating support for the idea/feature.
I’m still interested in contributing the feature, and tests should be simple enough to add I think.
So is the feature worth the extra support burden ?
It depends. I don’t know how complex it could become… we don’t really want half-baked support and CIDR notation is always hard (especially if we then support IPv6). There are a bunch of issues with IPv6 about some parsing rules, so we should be careful.
cURL and wget don’t support CIDR notation for NO_PROXY (according to the article), so it could also be a too niche feature. OTOH, I think it’s kinda helpful to indicate the NO_PROXY in terms of IP and not just names.
Note that We need to talk: Can we standardize NO_PROXY? has also questions which I don’t have the answers to. Before making a PR, it would be good to see if other languages such as Perl (which wasn’t in the study), Node/NPM (maybe?) or other Python libraries want such support (e.g., what about requests, and web libs; are there existing issues about the lack of support?).
IOW, try to find as many resources as possible about `NO_PROXY`, whether it’s at a library level or language level, to see if this feature could really be useful. It seems some libs want it for wget though: no_proxy environment variable ignored by wget · Issue #259 · gliderlabs/docker-alpine · GitHub for instance. Personally, I think we can accept a simple CIDR notation (at least for IPv4) but the support might be limited as we don’t want to resolve perform DNS lookup either.
There is also the ansible bug/feature request linked in the OP.
Regarding implementation complexity, the WIP branch linked in the OP mostly delegates parsing to the ipaddress module, so I don’t think that’d introduce too much parsing footguns.
I think curl does support CIDR in NO_PROXY, relatively recently though
In this case, I think it’s a good indication that this needs to be supported in CPython. Java doesn’t seem to support it natively but the desired of having it supported is legitimate.
I don’t think that’d introduce too much parsing footguns
Yeah, hopefully but we recently found bugs in the ipaddress but I think for simple subnets matching it should enough (I hope). Feel free to create a PR but read Lifecycle of a pull request first if you haven’t yet. I’m not saying that we will be able to merge the feature as it touches code that not many people actually touched recently so I will need some time to review it but hopefully we’ll be able to ship it to 3.15 (unfortunately, it won’t be available in previous versions and 3.15 will only become the official release next year). We should do the same as cURL where we only restrict to IPv4 for now.
