zyppe/luasocket
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(http): Allow relative redirect on https (#395)

Browse source 
Location header can now be relative: https://httpwg.org/specs/rfc9110.html#field.location
This commit is contained in:
Henri D 2022-10-08 08:42:36 +02:00 committed by GitHub
parent 26b524e1d7
commit 8c2ff7217e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/http.lua
View file

@ -300,6 +300,8 @@ local function shouldredirect(reqt, code, headers)
if not location then return false end
location = string.gsub(location, "%s", "")
if location == "" then return false end
-- the RFC says the redirect URL may be relative
location = url.absolute(reqt.url, location)
local scheme = url.parse(location).scheme
if scheme and (not SCHEMES[scheme]) then return false end
-- avoid https downgrades
@ -323,8 +325,7 @@ end
local trequest, tredirect
--[[local]] function tredirect(reqt, location)
-- the RFC says the redirect URL has to be absolute, but some
-- servers do not respect that
-- the RFC says the redirect URL may be relative
local newurl = url.absolute(reqt.url, location)
-- if switching schemes, reset port and create function
if url.parse(newurl).scheme ~= reqt.scheme then