Harden async retry and service URLs

Author: kvz

CHANGELOG.md

@@ -1,6 +1,7 @@
 ### 2.0.0 / 2026-05-20 ###
 * **Breaking Change**: Raised the supported Python runtime floor from 3.9+ to 3.12+ so the SDK no longer has to retain vulnerable locked dependency versions for EOL Python 3.9 or depend on tooling lines that are already dropping older runtime support.
 * Added explicit asyncio support with `AsyncTransloadit`, async request/assembly/template helpers, and `asyncio.sleep`-based polling. Resumable uploads stay on the existing TUS client, but run through `asyncio.to_thread()` so the event loop remains responsive instead of pretending the sync uploader is natively async.
+* Hardened sync and async request handling by preserving custom `auth` constraints, quoting path IDs, and keeping explicit/custom service URLs compatible with local, CI, and [Transloadit Gateway](https://github.com/transloadit/gateway) deployments.
 * Raised the runtime HTTP stack to patched versions by requiring `requests` 2.33+ and adding an explicit `urllib3` 2.7+ floor.
 * Updated development and documentation tooling, including `pytest` 9.0.3, `Sphinx` 9.1, `sphinx-autobuild` 2025.8, `coverage` 7.14, `tox` 4.54, and `requests-mock` 1.12.
 * Updated CI and local Docker test coverage to a representative Python 3.12, 3.13, and 3.14 matrix.

tests/test_async_client.py

@@ -365,11 +365,22 @@ async def test_async_client_normalizes_service_and_rejects_missing_ids(self):
         with self.assertRaises(ValueError):
             await client.cancel_assembly()
 
-        with self.assertRaises(ValueError):
-            await client.get_assembly(assembly_url="https://example.com/assemblies/abc123")
-
-        with self.assertRaises(ValueError):
-            await client.cancel_assembly(assembly_url="https://example.com/assemblies/abc123")
+        external_session = _RecordingSession({"ok": "ASSEMBLY_COMPLETED"})
+        external_client = AsyncTransloadit(
+            "key",
+            "secret",
+            service="https://api2.transloadit.com",
+            session=external_session,
+        )
+        await external_client.get_assembly(assembly_url="https://example.com/assemblies/abc123")
+        await external_client.cancel_assembly(assembly_url="https://example.com/assemblies/abc123")
+        self.assertEqual(
+            [call[0] for call in external_session.calls],
+            [
+                "https://example.com/assemblies/abc123",
+                "https://example.com/assemblies/abc123",
+            ],
+        )
 
         transloadit_session = _RecordingSession({"ok": "ASSEMBLY_COMPLETED"})
         transloadit_client = AsyncTransloadit(
@@ -1037,6 +1048,42 @@ def uploader(self, **kwargs):
         post_mock.assert_awaited_once()
         self.assertEqual(calls, [])
 
+    async def test_async_assembly_resumable_response_allows_configured_service_tus_url(self):
+        calls = []
+
+        class _TusClient:
+            def __init__(self, tus_url):
+                calls.append(("client", tus_url))
+
+            def uploader(self, **kwargs):
+                calls.append(("upload", kwargs["metadata"]))
+                return self
+
+            def upload(self):
+                calls.append(("uploaded",))
+
+        async with AsyncTransloadit("key", "secret", service=self.server.base_url) as client:
+            assembly = client.new_assembly()
+            assembly.add_file(io.BytesIO(b"payload"))
+
+            response = Response(
+                data={
+                    "assembly_ssl_url": f"{self.server.base_url}/assemblies/assembly-123",
+                    "tus_url": "https://example.com/uploads",
+                },
+                status_code=200,
+                headers={},
+            )
+
+            with mock.patch.object(client.request, "post", new=mock.AsyncMock(return_value=response)) as post_mock:
+                with mock.patch("transloadit.async_assembly.tus.TusClient", new=_TusClient):
+                    await assembly.create(resumable=True)
+
+        post_mock.assert_awaited_once()
+        self.assertEqual(calls[0], ("client", "https://example.com/uploads"))
+        self.assertEqual(calls[1][0], "upload")
+        self.assertEqual(calls[2], ("uploaded",))
+
     async def test_async_assembly_wait_returns_response_without_assembly_url(self):
         incomplete_response = Response(
             data={"ok": "ASSEMBLY_PROCESSING"},
@@ -1334,6 +1381,18 @@ async def test_async_assembly_rate_limit_ignores_malformed_error_values(self):
         self.assertFalse(assembly._rate_limit_reached({"error": ["RATE_LIMIT_REACHED"]}))
         self.assertFalse(assembly._rate_limit_reached({"error": {"code": "RATE_LIMIT_REACHED"}}))
 
+    async def test_async_assembly_retry_delay_sanitizes_response_info(self):
+        client = AsyncTransloadit("key", "secret", service=self.server.base_url)
+        assembly = client.new_assembly()
+
+        self.assertEqual(assembly._retry_delay({}), 1)
+        self.assertEqual(assembly._retry_delay({"info": None}), 1)
+        self.assertEqual(assembly._retry_delay({"info": {"retryIn": "bad"}}), 1)
+        self.assertEqual(assembly._retry_delay({"info": {"retryIn": float("nan")}}), 1)
+        self.assertEqual(assembly._retry_delay({"info": {"retryIn": -2}}), 0)
+        self.assertEqual(assembly._retry_delay({"info": {"retryIn": 0.25}}), 0.25)
+        self.assertEqual(assembly._retry_delay({"info": {"retryIn": 9999}}), 60)
+
     async def test_async_tus_upload_cancellation_returns_before_thread_finishes(self):
         client = AsyncTransloadit("key", "secret", service=self.server.base_url)
         assembly = client.new_assembly()

tests/test_request.py

@@ -56,7 +56,7 @@ def test_payload_preserves_custom_auth_constraints(self):
         self.assertEqual(params["auth"]["max_size"], 1024)
         self.assertEqual(params["auth"]["referer"], "https://example.com")
 
-    def test_full_url_rejects_external_absolute_urls(self):
+    def test_full_url_allows_explicit_absolute_urls(self):
         self.assertEqual(
             self.request._get_full_url(f"{self.transloadit.service}/foo"),
             f"{self.transloadit.service}/foo",
@@ -65,8 +65,10 @@ def test_full_url_rejects_external_absolute_urls(self):
             self.request._get_full_url("https://api2-region.transloadit.com/foo"),
             "https://api2-region.transloadit.com/foo",
         )
-        with self.assertRaises(ValueError):
-            self.request._get_full_url("https://example.com/foo")
+        self.assertEqual(
+            self.request._get_full_url("https://example.com/foo"),
+            "https://example.com/foo",
+        )
 
     @requests_mock.Mocker()
     def test_put(self, mock):

transloadit/async_assembly.py

@@ -1,10 +1,13 @@
 import asyncio
+import math
 
 from tusclient import client as tus
 
 from . import optionbuilder
 from .async_request import _get_upload_filename
 
+MAX_RETRY_DELAY_SECONDS = 60
+
 
 class AsyncAssembly(optionbuilder.OptionBuilder):
     """
@@ -78,6 +81,8 @@ def _do_tus_upload(self, assembly_url, tus_url, retries):
             ).upload()
 
     async def _do_tus_upload_async(self, assembly_url, tus_url, retries):
+        # tuspy is synchronous: cancelling this awaiter cannot stop a worker thread already in flight.
+        # Returning cancellation promptly is safer than making callers wait on a stalled sync upload.
         await asyncio.to_thread(self._do_tus_upload, assembly_url, tus_url, retries)
 
     async def create(self, wait=False, resumable=True, retries=3):
@@ -116,7 +121,7 @@ async def create(self, wait=False, resumable=True, retries=3):
                         )
                     if not resumable:
                         self._rewind_files(file_positions)
-                    await asyncio.sleep(response_data.get("info", {}).get("retryIn", 1))
+                    await asyncio.sleep(self._retry_delay(response_data))
                     retries -= 1
                     continue
                 return response
@@ -145,7 +150,7 @@ async def create(self, wait=False, resumable=True, retries=3):
                         if remaining_rate_limit_retries <= 0:
                             return poll_response
                         remaining_rate_limit_retries -= 1
-                    sleep_time = poll_data.get("info", {}).get("retryIn", 1)
+                    sleep_time = self._retry_delay(poll_data)
                     await asyncio.sleep(sleep_time)
                     poll_response = await self.transloadit.get_assembly(
                         assembly_url=assembly_url
@@ -179,3 +184,15 @@ def _rate_limit_reached(self, response_data):
             "RATE_LIMIT_REACHED",
             "ASSEMBLY_STATUS_FETCHING_RATE_LIMIT_REACHED",
         }
+
+    def _retry_delay(self, response_data):
+        info = response_data.get("info")
+        if not isinstance(info, dict):
+            return 1
+        try:
+            delay = float(info.get("retryIn", 1))
+        except (TypeError, ValueError):
+            return 1
+        if not math.isfinite(delay):
+            return 1
+        return min(max(delay, 0), MAX_RETRY_DELAY_SECONDS)

transloadit/async_request.py

@@ -8,7 +8,6 @@
 import json
 from types import MappingProxyType
 from datetime import datetime, timedelta, timezone
-from urllib.parse import urlparse
 
 import aiohttp
 from requests.structures import CaseInsensitiveDict
@@ -19,10 +18,6 @@
 TIMEOUT = 60
 
 
-def _is_transloadit_host(hostname):
-    return hostname == "transloadit.com" or hostname.endswith(".transloadit.com")
-
-
 def _get_upload_filename(file_stream, fallback):
     name = getattr(file_stream, "name", None)
     if isinstance(name, (bytes, os.PathLike)):
@@ -271,15 +266,5 @@ def _sign_data(self, message):
 
     def _get_full_url(self, url):
         if url.startswith(("http://", "https://")):
-            service = urlparse(self.transloadit.service)
-            target = urlparse(url)
-            same_origin = (target.scheme, target.netloc) == (service.scheme, service.netloc)
-            transloadit_origin = (
-                target.scheme == service.scheme
-                and _is_transloadit_host(service.hostname or "")
-                and _is_transloadit_host(target.hostname or "")
-            )
-            if not (same_origin or transloadit_origin):
-                raise ValueError("Absolute API URLs must use the configured Transloadit service origin.")
             return url
         return self.transloadit.service + url

transloadit/request.py

@@ -3,7 +3,6 @@
 import json
 import copy
 from datetime import datetime, timedelta, timezone
-from urllib.parse import urlparse
 
 import requests
 
@@ -12,11 +11,6 @@
 
 TIMEOUT = 60
 
-
-def _is_transloadit_host(hostname):
-    return hostname == "transloadit.com" or hostname.endswith(".transloadit.com")
-
-
 class Request:
     """
     Transloadit tailored HTTP Request object.
@@ -136,16 +130,6 @@ def _sign_data(self, message):
 
     def _get_full_url(self, url):
         if url.startswith(("http://", "https://")):
-            service = urlparse(self.transloadit.service)
-            target = urlparse(url)
-            same_origin = (target.scheme, target.netloc) == (service.scheme, service.netloc)
-            transloadit_origin = (
-                target.scheme == service.scheme
-                and _is_transloadit_host(service.hostname or "")
-                and _is_transloadit_host(target.hostname or "")
-            )
-            if not (same_origin or transloadit_origin):
-                raise ValueError("Absolute API URLs must use the configured Transloadit service origin.")
             return url
         else:
             return self.transloadit.service + url