From 8c2ff7217e2a205eb107a6f48b04ff1b2b3090a1 Mon Sep 17 00:00:00 2001 From: Henri D Date: Sat, 8 Oct 2022 08:42:36 +0200 Subject: fix(http): Allow relative redirect on https (#395) Location header can now be relative: https://httpwg.org/specs/rfc9110.html#field.location --- src/http.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/http.lua b/src/http.lua index 1330355..fbd5ff6 100644 --- a/src/http.lua +++ b/src/http.lua @@ -300,6 +300,8 @@ local function shouldredirect(reqt, code, headers) if not location then return false end location = string.gsub(location, "%s", "") if location == "" then return false end + -- the RFC says the redirect URL may be relative + location = url.absolute(reqt.url, location) local scheme = url.parse(location).scheme if scheme and (not SCHEMES[scheme]) then return false end -- avoid https downgrades @@ -323,8 +325,7 @@ end local trequest, tredirect --[[local]] function tredirect(reqt, location) - -- the RFC says the redirect URL has to be absolute, but some - -- servers do not respect that + -- the RFC says the redirect URL may be relative local newurl = url.absolute(reqt.url, location) -- if switching schemes, reset port and create function if url.parse(newurl).scheme ~= reqt.scheme then -- cgit v1.2.3-55-g6feb
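Review bot: The redirect check and the redirect itself now resolve the Location value separately and not from the same input: `shouldredirect` strips whitespace with `string.gsub(location, "%s", "")` before `url.absolute(reqt.url, location)`, while `tredirect` (second hunk) calls `url.absolute(reqt.url, location)` on whatever it is handed. If the caller passes the raw header, which is not visible here, the URL whose scheme was checked against `SCHEMES` and the https-downgrade rule can differ from the URL that is actually followed. Resolving once and passing the result on, or at least applying the same `location = string.gsub(location, "%s", "")` at the top of `tredirect`, would keep the check and the use on the same value. Both function bodies start or continue outside these hunks, so the downgrade comparison itself cannot be confirmed from the page.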