Ensure the response body is always read (#69)

arkadiyt · Sep 1, 2023 · 2e7304d · 2e7304d
1 parent f93dab1
commit 2e7304d
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/lib/ssrf_filter/ssrf_filter.rb b/lib/ssrf_filter/ssrf_filter.rb
@@ -200,6 +200,11 @@ def self.fetch_once(uri, ip, verb, options, &block)
             return nil, url
           else
             block&.call(response)
+            # Normally the body is read by net/http, e.g. here:
+            # https://github.com/ruby/ruby/blob/bead5396503175b6873d1b4e60bd8c8d2c82b772/lib/net/http/response.rb#L321
+            # but because we passed a block to http.request and are returning below, the control flow is altered and
+            # that line never executes, so read it ourselves
+            response.body
             return response, nil
           end
         end