Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect policy with hsts #1335

Merged
merged 12 commits into from Sep 11, 2023
Merged

Redirect policy with hsts #1335

merged 12 commits into from Sep 11, 2023

Conversation

secinto
Copy link
Contributor

@secinto secinto commented Aug 31, 2023

Added a redirect policy which respects Strict-Transport-Security header (in a basic version, if a header is present without checking the content).
If during a redirect a HSTS header is added but the URL scheme is HTTP, the HTTP URL would be requested (maybe net/http/client would be a better place for this), which could either lead to timeouts (if the HTTP service is not available) or at least would behave differently than browser implementations.

The redirect policy can be switched on via the options (--respect-hsts / -rhsts).

skraxberger and others added 8 commits August 24, 2023 11:42
@skraxberger
Implementation of feature request projectdiscovery#1330
9be9fb5
@secinto
Merge branch 'dev' into feature_1330
d463b3b
@skraxberger
Modified storing of response chains, because it was not correct
13f78bc
@skraxberger
Modified storing of response chains, because it was not correct
9f6c9d0
@skraxberger
Modified storing of response chains, because it was not correct
2ad958c
@skraxberger
Added redirect policy which takes HSTS into account, so that even if …
c4810ff 
…the location would go from HTTPs to HTTP it would follow to HTTPs if an HTSTS header is present
@skraxberger
Revert "Added redirect policy which takes HSTS into account, so that …
0b702c5 
…even if the location would go from HTTPs to HTTP it would follow to HTTPs if an HTSTS header is present"

This reverts commit c4810ff.
@skraxberger
Implemented a redirect strategy which respects HSTS headers and modif…
964cc3b 
…ies the URL accordingly if necessary
@secinto secinto changed the base branch from main to dev August 31, 2023 09:14
@secinto secinto closed this Aug 31, 2023
@secinto secinto reopened this Aug 31, 2023
@ehsandeep ehsandeep added the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label Sep 7, 2023
@Mzack9999 Mzack9999 merged commit 70baee9 into projectdiscovery:dev Sep 11, 2023
11 checks passed
@ehsandeep ehsandeep removed the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label Sep 11, 2023
@chenrui333 chenrui333 mentioned this pull request Sep 14, 2023
Merged
@ppb007 ppb007 mentioned this pull request Sep 15, 2023
Closed
@ppb007 ppb007 mentioned this pull request Oct 31, 2023
Closed
@ppb007 ppb007 mentioned this pull request Nov 13, 2023
Closed
@ppb007 ppb007 mentioned this pull request Jan 16, 2024
Closed
@ppb007 ppb007 mentioned this pull request Jan 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mzack9999 Mzack9999 Mzack9999 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@secinto @Mzack9999 @ehsandeep @skraxberger