HTTP server for testing environments
Project description
Spoof is an HTTP server written in Python for use in test environments where mocking underlying calls isn’t an option, or where it’s desirable to have an actual HTTP server listening on a socket. Hello, functional tests!
Unlike a typical HTTP server, where specific method and path combinations are configured in advance, Spoof accepts all requests and sends either a queued response, a default response if the queue is empty, or an error response if no default response is configured. Requests can be inspected after a response is sent. This can help support testing and prototyping of HTTP clients, returning deterministic responses independent of validating requests.
Compatibility
Spoof is tested on Python 3.10 to 3.14, and has no external dependencies. It may also work on older versions of Python, but this is not supported.
Multiple Spoof HTTP servers can be run concurrently, and by default, the port number is the next available unused port. With OpenSSL installed, Spoof can also provide an SSL/TLS HTTP server. IPv6 is fully supported.
Quickstart
Queue multiple responses, verify content, and request paths:
import requests
import spoof
with spoof.HTTPServer() as httpd:
responses = [
[200, [("Content-Type", "application/json")], '{"id": 1111}'],
[200, [("Content-Type", "application/json")], '{"id": 2222}'],
]
httpd.queueResponse(*responses)
httpd.defaultResponse = [404, [], "Not found"]
assert requests.get(httpd.url + "/path").json() == {"id": 1111}
assert requests.get(httpd.url + "/alt/path").json() == {"id": 2222}
assert requests.get(httpd.url + "/oops").status_code == 404
assert [r.path for r in httpd.requests] == ["/path", "/alt/path", "/oops"]Set a callback as the default response:
import requests
import spoof
with spoof.HTTPServer() as httpd:
httpd.defaultResponse = lambda request: [200, [], request.path]
assert requests.get(httpd.url + "/alt").content == b"/alt"Test queued response with SSL:
import requests
import spoof
with spoof.SelfSignedSSLContext() as selfSigned:
with spoof.HTTPServer(sslContext=selfSigned.sslContext) as httpd:
httpd.queueResponse([200, [], "No self-signed cert warning!"])
response = requests.get(httpd.url + "/path",
verify=selfSigned.certFile)
assert httpd.requests[-1].method == "GET"
assert httpd.requests[-1].path == "/path"
assert response.content == b"No self-signed cert warning!"Proxy Mode
Spoof also supports proxying HTTP requests by setting the upstream attribute to another Spoof instance:
import requests
import spoof
with spoof.SelfSignedSSLContext(commonName="example.spoof") as ssl:
with spoof.HTTPServer(sslContext=ssl.sslContext) as proxy:
with spoof.HTTPServer(sslContext=ssl.sslContext) as upstream:
proxy.upstream = upstream
proxy.defaultResponse = [200, [("X-Spoof-Proxy", "True")], ""]
upstream.defaultResponse = [200, [], "I'm here!"]
response = requests.get(
"https://example.spoof/ayt",
proxies={"https": proxy.url},
verify=ssl.certFile
)
assert proxy.requests[0].method == "CONNECT"
assert proxy.requests[0].path == "example.spoof:443"
assert upstream.requests[0].method == "GET"
assert upstream.requests[0].path == "/ayt"
assert response.content == b"I'm here!"SSL Warnings
Some libraries like Requests will complain loudly or refuse to connect to HTTP servers with a self-signed SSL certificate. The preferred way to handle this is to use the verify property in requests.Session to trust the certificate:
import requests
import spoof
cert, key = spoof.SSLContext.createSelfSignedCert()
sslContext = spoof.SSLContext.fromCertChain(cert, key)
httpd = spoof.HTTPServer(sslContext=sslContext)
httpd.queueResponse([200, [], "OK"])
httpd.start()
# trust self-signed certificate
session = requests.Session()
session.verify = cert
response = session.get(httpd.url + "/uri/path")
print(response.status_code, response.content)
httpd.stop()If verifying the certificate is not an option, another way to work around this is to monkeypatch the requests library in the testing code. For example:
import requests
certVerify = requests.adapters.HTTPAdapter.cert_verify
def certNoVerify(self, conn, url, verify, cert):
return certVerify(self, conn, url, False, cert)
requests.adapters.HTTPAdapter.cert_verify = certNoVerify
requests.packages.urllib3.disable_warnings()Another common case is libraries that leverage ssl directly. One way to work around this is to globally set the default context to unverified. For example:
import ssl
try:
createUnverifiedHttpsContext = ssl._create_unverified_context
except AttributeError:
# ignore if ssl context not verified by default
pass
else:
ssl._create_default_https_context = createUnverifiedHttpsContextRelease history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file spoof-2.0.0.tar.gz.
File metadata
- Download URL: spoof-2.0.0.tar.gz
- Upload date:
- Size: 16.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d7b7fa069d67c4212199e00ed46054713990daef663f3b66a132029e288e4c7
|
|
| MD5 |
e66cd7bcdb246bd18099ba32c0817996
|
|
| BLAKE2b-256 |
b648435a0d5a2623fa03ca850b8d733a8e860d5200463c595611917da7900c5b
|
File details
Details for the file spoof-2.0.0-py3-none-any.whl.
File metadata
- Download URL: spoof-2.0.0-py3-none-any.whl
- Upload date:
- Size: 10.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
268b95a9869b4dcd85632f0a7da13aadf3d5169582cbbec4cd775cb412b5571a
|
|
| MD5 |
677b92c61fefa053353107bc24db5668
|
|
| BLAKE2b-256 |
76b8f8b50d69db8819d657aaa3afde9b06a93810f40cb7425302589e911d9736
|
