The http client used in the http.send built-in does not specify the CheckRedirect field during the initialization of http.Client struct. If http redirects are disabled, CheckRedirect returns ErrUseLastResponse. It would be good to have the CheckRedirect validate the redirect URLs returned by the server when http redirects are enabled.
Currently if http redirects are enabled, we use the client's default
redirect policy. We should instead check if the hosts http.send
calls as part of the redirect are explicitly allowed by the policy
authors. This change updates the http client's CheckRedirect policy
to verify the hosts the client calls when redirects are enabled.
Fixes: open-policy-agent#5388
Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
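
An added example, not code from the OPA project or from the commit above: a Go CheckRedirect that checks every redirect hop against a host allowlist, which is the behaviour the issue asks for. The allowlist shape, the names redirectPolicy, stubTransport and fetch, and the example.test hosts are assumptions made for illustration; the transport is a stub so the example runs without a network.

```go
package main

import (
	"fmt"
	"net/http"
)

// redirectPolicy returns a CheckRedirect func; allowed is a hypothetical hostname allowlist.
func redirectPolicy(follow bool, allowed map[string]bool) func(*http.Request, []*http.Request) error {
	return func(req *http.Request, via []*http.Request) error {
		if !follow {
			return http.ErrUseLastResponse // hand the 3xx response back to the caller
		}
		if len(via) >= 10 { // setting CheckRedirect replaces net/http's default 10-hop limit
			return fmt.Errorf("stopped after %d redirects", len(via))
		}
		if host := req.URL.Hostname(); !allowed[host] {
			return fmt.Errorf("redirect to host %q is not allowed", host)
		}
		return nil
	}
}

// stubTransport (constructed): a listed host answers 302 with the mapped Location, others 200.
type stubTransport map[string]string

func (s stubTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	resp := &http.Response{StatusCode: http.StatusOK, Header: http.Header{}, Body: http.NoBody, Request: r}
	if loc, ok := s[r.URL.Hostname()]; ok {
		resp.StatusCode, resp.Header = http.StatusFound, http.Header{"Location": {loc}}
	}
	return resp, nil
}

// fetch GETs api.example.test, which redirects to other.example.test (both constructed).
func fetch(follow bool, allowed map[string]bool) (int, error) {
	tr := stubTransport{"api.example.test": "http://other.example.test/"}
	c := &http.Client{Transport: tr, CheckRedirect: redirectPolicy(follow, allowed)}
	resp, err := c.Get("http://api.example.test/")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(fetch(true, map[string]bool{"other.example.test": true}))
	fmt.Println(fetch(true, nil))
	fmt.Println(fetch(false, nil))
}
```

The policy runs before each redirected request is sent, so a refused hop never reaches the disallowed host; the caller gets the error instead of a response from it.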