Age | Commit message (Collapse) | Author |
|
* maint:
Don't modify URI, explicitly pass scheme to get_port
Update scheme on redirect URI and accumulator
Fix accidental Port assertion in resolve_authority
Add test case on relative redirects with ports
Do not assert that new URI port is same as old port
Add mixed test group, http -> https redirect test
Change-Id: I23b976dbc64e19787d6eca5757df50a1b7098857
|
|
|
|
This is necessary to prevent an error when calling get_port inside
resolve_authority
|
|
|
|
When handling 301 redirects from http -> https on Erlang 21.0.1, the
following error is encountered:
```
8> Options = [].
9> httpc:request(head, {"http://rhye.org", []}, Options, []).
{error,{shutdown,{{error,{badmatch,443}},
[{httpc_response,resolve_uri,7,
[{file,"/usr/local/lib/erlang/lib/inets-7.0/src/http_client/httpc_response.erl"},
{line,431}]},
{httpc_response,redirect,2,
[{file,"/usr/local/lib/erlang/lib/inets-7.0/src/http_client/httpc_response.erl"},
{line,396}]},
{httpc_handler,handle_response,1,
[{file,"httpc_handler.erl"},{line,1052}]},
{httpc_handler,handle_info,2,
[{file,"httpc_handler.erl"},{line,283}]},
{gen_server,try_dispatch,4,
[{file,"gen_server.erl"},{line,637}]},
{gen_server,handle_msg,6,
[{file,"gen_server.erl"},{line,711}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}}}
```
This seems to be caused by the following code in `resolve_uri`:
```
resolve_uri(Scheme, Host, Port, Path, Query, URI, Map0) ->
case maps:is_key(scheme, URI) of
true ->
Port = get_port(URI)
```
The value of `Port` passed in to `resolve_uri` here is 80, since the
original URL is http. However, since the redirected URL is https, the
`get_port` call returns 443, which is not equal to 80, and crashes.
Assigning to a new variable seems to fix redirects.
|
|
According to the code in httpc.erl, the pquery parameter in the
#request record should start with a question mark. However, when
a server returned a 403 response, the Location header was parsed
and the question mark was not added to the beginning of the query
string. This ultimately causes the redirect to fail, as instead of
redirecting to "/path?query", httpc redirected to "/pathquery".
|
|
|
|
|
|
RFC 2616 requires an absolute URI in 'Location' header field for
redirects. RFC 7231 obsoleted RFC 2616 and allows URI-references.
Updated httpc_response to support URI-references, based on the
URI resolution algorithm defined by RFC 3986 (5.2.2. Transform
References).
Change-Id: I42227d32f458b6e7a60d55b40407c4092e69b222
|
|
If a message is received with both a Transfer-Encoding and a
Content-Length header field, it might indicate an attempt to
perform request smuggling or response splitting and must be
handled as an error in default mode (not relaxed mode).
Bug report: https://bugs.erlang.org/browse/ERL-407
|
|
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
ERL-316, as part of 19.3, adds the port number to the Host header
upon automatic redirection. The port number is included even if it
is a well-known port (80, 443). This is different from the
behaviour of most HTTP clients, as well as httpc's own for new
requests.
The added port number can lead to problems such as this one, where
the request signature assumes the client will not send the :443
suffix on redirection to an https URL:
https://github.com/nerves-project/nerves/issues/96
I was unable to add a test case, since that would require a server
on a well-known port, but I manually verified that the GitHub/S3
signing issue was indeed resolved with this patch.
|
|
|
|
RFC2616 Sect 14.23: The Host request-header field specifies the
Internet host AND port number.
|
|
- The behavior of httpc:request when autoredirect = true is not correct
according to the latest update in RFC-7231. This patch corrects the
autoredirect behavior.
|
|
|
|
|
|
|
|
|
|
|
|
Changed httpc_response, for redirect '303 See Other' also POST
requests should be redirected (using GET). See RFC2616 sect. 10.3.4
for clarification.
|
|
|
|
The module http_uri now officially supported.
Also, the http_uri:parse/1,2 function has been
extended with more scheme support and a way
to provide your own scheme info.
OTP-9983
|
|
|
|
When a URI with a IPv6 host is parsed, the brackets that encapsulates
the nnn is removed. This value is then supplied as the host header.
This can cause problems with some servers.
A workaround for this is to use headers_as_is and provide the host
header with the requst call
To solve this a new option has been added, ipv6_host_with_brackets.
This option specifies if the host value of the host header shall include
the branckets or not. By default, it does not (as before).
OTP-9628
|
|
{error, Reason} | {ok, ParsedURL}
|
|
|
|
OTP-8564: Update deeprication status.
OTP-8573: Inets mod_alias URL rewrite.
|
|
OTP-8351, OTP-8359 & OTP-8371.
|
|
|