Follow relative locations correctly. Fixes #228 (#230)

* Follow relative locations correctly. Fixes #228 * Add spec for absolute URLs. * Regenerated Rubocop config
rack · May 21, 2018 · 88559dc · 88559dc
1 parent 03eb717
commit 88559dc
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 10 deletions.
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2017-07-12 09:10:37 +0300 using RuboCop version 0.49.1.
+# on 2018-05-21 20:37:38 +0100 using RuboCop version 0.49.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -15,26 +15,26 @@ Layout/IndentHeredoc:
     - 'lib/rack/test/utils.rb'
     - 'rack-test.gemspec'
 
-# Offense count: 2
+# Offense count: 1
 # Configuration parameters: AllowSafeAssignment.
 Lint/AssignmentInCondition:
   Exclude:
     - 'lib/rack/test.rb'
 
-# Offense count: 9
+# Offense count: 8
 Metrics/AbcSize:
-  Max: 58
+  Max: 47
 
 # Offense count: 2
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 173
+  Max: 174
 
 # Offense count: 5
 Metrics/CyclomaticComplexity:
-  Max: 13
+  Max: 12
 
-# Offense count: 75
+# Offense count: 89
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
 # URISchemes: http, https
 Metrics/LineLength:
@@ -48,11 +48,11 @@ Metrics/MethodLength:
 # Offense count: 1
 # Configuration parameters: CountComments.
 Metrics/ModuleLength:
-  Max: 124
+  Max: 122
 
 # Offense count: 3
 Metrics/PerceivedComplexity:
-  Max: 16
+  Max: 15
 
 # Offense count: 1
 Security/Eval:

diff --git a/lib/rack/test.rb b/lib/rack/test.rb
@@ -194,8 +194,14 @@ def follow_redirect!
           else
             [:get, {}]
           end
+
+        # Compute the next location by appending the location header with the
+        # last request, as per https://tools.ietf.org/html/rfc7231#section-7.1.2
+        # Adding two absolute locations returns the right-hand location
+        next_location = URI.parse(last_request.url) + URI.parse(last_response['Location'])
+
         send(
-          request_method, last_response['Location'], params,
+          request_method, next_location.to_s, params,
           'HTTP_REFERER' => last_request.url,
           'rack.session' => last_request.session,
           'rack.session.options' => last_request.session_options

diff --git a/spec/fixtures/fake_app.rb b/spec/fixtures/fake_app.rb
@@ -20,6 +20,18 @@ class FakeApp < Sinatra::Base
         redirect '/redirected'
       end
 
+      get '/nested/redirect' do
+        [301, { 'location' => 'redirected' }, []]
+      end
+
+      get '/nested/redirected' do
+        'Hello World!'
+      end
+
+      get '/absolute/redirect' do
+        [301, { 'location' => 'https://www.google.com' }, []]
+      end
+
       post '/redirect' do
         if params['status']
           redirect to('/redirected'), Integer(params['status'])

diff --git a/spec/rack/test_spec.rb b/spec/rack/test_spec.rb
@@ -366,6 +366,21 @@ def close
       expect(last_request.env['HTTP_REFERER']).to eql('http://example.org/redirect')
     end
 
+    it 'follows absolute redirects' do
+      get '/absolute/redirect'
+      expect(last_response.headers['location']).to be == 'https://www.google.com'
+    end
+
+    it 'follows nested redirects' do
+      get '/nested/redirect'
+
+      expect(last_response.headers['location']).to be == 'redirected'
+      follow_redirect!
+
+      expect(last_response).to be_ok
+      expect(last_request.env['PATH_INFO']).to eq('/nested/redirected')
+    end
+
     it 'does not include params when following the redirect' do
       get '/redirect', 'foo' => 'bar'
       follow_redirect!