aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenri D <nheir.kim@gmail.com>2022-10-08 08:42:36 +0200
committerGitHub <noreply@github.com>2022-10-08 09:42:36 +0300
commit8c2ff7217e2a205eb107a6f48b04ff1b2b3090a1 (patch)
tree2b02503d3b3ad527bb4e2b746a3438b43c1bcca3
parent26b524e1d7b9a00045882d3c0f25486485b1d6a8 (diff)
downloadluasocket-8c2ff7217e2a205eb107a6f48b04ff1b2b3090a1.tar.gz
luasocket-8c2ff7217e2a205eb107a6f48b04ff1b2b3090a1.tar.bz2
luasocket-8c2ff7217e2a205eb107a6f48b04ff1b2b3090a1.zip
fix(http): Allow relative redirect on https (#395)
Location header can now be relative: https://httpwg.org/specs/rfc9110.html#field.location
-rw-r--r--src/http.lua5
-rw-r--r--test/httptest.lua31
2 files changed, 34 insertions, 2 deletions
diff --git a/src/http.lua b/src/http.lua
index 1330355..fbd5ff6 100644
--- a/src/http.lua
+++ b/src/http.lua
@@ -300,6 +300,8 @@ local function shouldredirect(reqt, code, headers)
300 if not location then return false end 300 if not location then return false end
301 location = string.gsub(location, "%s", "") 301 location = string.gsub(location, "%s", "")
302 if location == "" then return false end 302 if location == "" then return false end
303 -- the RFC says the redirect URL may be relative
304 location = url.absolute(reqt.url, location)
303 local scheme = url.parse(location).scheme 305 local scheme = url.parse(location).scheme
304 if scheme and (not SCHEMES[scheme]) then return false end 306 if scheme and (not SCHEMES[scheme]) then return false end
305 -- avoid https downgrades 307 -- avoid https downgrades
@@ -323,8 +325,7 @@ end
323local trequest, tredirect 325local trequest, tredirect
324 326
325--[[local]] function tredirect(reqt, location) 327--[[local]] function tredirect(reqt, location)
326 -- the RFC says the redirect URL has to be absolute, but some 328 -- the RFC says the redirect URL may be relative
327 -- servers do not respect that
328 local newurl = url.absolute(reqt.url, location) 329 local newurl = url.absolute(reqt.url, location)
329 -- if switching schemes, reset port and create function 330 -- if switching schemes, reset port and create function
330 if url.parse(newurl).scheme ~= reqt.scheme then 331 if url.parse(newurl).scheme ~= reqt.scheme then
diff --git a/test/httptest.lua b/test/httptest.lua
index 63ff921..3457b07 100644
--- a/test/httptest.lua
+++ b/test/httptest.lua
@@ -265,6 +265,37 @@ ignore = {
265} 265}
266check_request(request, expect, ignore) 266check_request(request, expect, ignore)
267 267
268-- Use https://httpbin.org/#/Dynamic_data/get_base64__value_ for testing
269-----------------------------------------------------
270io.write("testing absolute https redirection: ")
271request = {
272 url = "https://httpbin.org/redirect-to?url=https://httpbin.org/base64/THVhIFNvY2tldA=="
273}
274expect = {
275 code = 200,
276 body = "Lua Socket"
277}
278ignore = {
279 status = 1,
280 headers = 1
281}
282check_request(request, expect, ignore)
283
284-----------------------------------------------------
285io.write("testing relative https redirection: ")
286request = {
287 url = "https://httpbin.org/redirect-to?url=/base64/THVhIFNvY2tldA=="
288}
289expect = {
290 code = 200,
291 body = "Lua Socket"
292}
293ignore = {
294 status = 1,
295 headers = 1
296}
297check_request(request, expect, ignore)
298
268------------------------------------------------------------------------ 299------------------------------------------------------------------------
269--[[ 300--[[
270io.write("testing proxy with redirection: ") 301io.write("testing proxy with redirection: ")