lib/ureq
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes after feedback

Browse Source
This commit is contained in:
Martin Algesten
2021-12-17 20:49:10 +01:00
parent 2b0eca9827
commit 0f0dec5f32
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/agent.rs
View File

@@ -20,14 +20,16 @@ use {
///
/// `Never` is the default strategy and never preserves `authorization` header in redirects.
/// `SameHost` send the authorization header in redirects only if the host of the redirect is
/// the same of the previous request, and both use the `https` scheme.
/// the same of the previous request, and both use the same scheme (or switch to a more secure one, i.e
/// we can redirect from `http` to `https`, but not the reverse).
#[derive(Debug, Clone, PartialEq, Eq)]
#[non_exhaustive]
pub enum RedirectAuthHeaders {
/// Never preserve the `authorization` header on redirect. This is the default.
Never,
/// Preserve the `authorization` header when the redirect is to the same host. Must
/// be under the `https` scheme (though port can differ).
/// Preserve the `authorization` header when the redirect is to the same host. Both hosts must use
/// the same scheme (or switch to a more secure one, i.e we can redirect from `http` to `https`,
/// but not the reverse).
SameHost,
}

5
src/unit.rs
View File

@@ -383,7 +383,10 @@ fn can_propagate_authorization_on_redirect(
let prev_host = prev_url.host_str();
let prev_is_https = scheme_is_https(prev_url);
host == prev_host && prev_is_https && is_https
let same_scheme_or_more_secure =
is_https == prev_is_https || (!prev_is_https && is_https);
host == prev_host && same_scheme_or_more_secure
}
}
}