Browse Source

deal with 3xx httpcodes as required by HTTP/1.1 spec

An unknown code should be handled the same as the x00 code of this
group, but for redirections we used to treat 300 (and a few others)
as an error while unknown codes were considered redirections.

Instead we check now explicitly for the redirection codes we support for
redirecting (and add the 308 defined in RFC 7538) to avoid future
problems if new 3xx codes are added expecting certain behaviours.

Potentially strange would have been e.g. "305 Use Proxy" sending a
Location for the proxy to use – which wouldn't have worked and resulted
in an error anyhow, but probably confused users in the process.
tags/debian/1.5_alpha1
David Kalnischkies 4 years ago
parent
commit
42654d08c2
3 changed files with 15 additions and 14 deletions
  1. +12
    -12
      methods/basehttp.cc
  2. +2
    -2
      test/integration/test-bug-602412-dequote-redirect
  3. +1
    -0
      test/interactive-helper/aptwebserver.cc

+ 12
- 12
methods/basehttp.cc View File

@@ -286,18 +286,18 @@ BaseHttpMethod::DealWithHeaders(FetchResult &Res, RequestState &Req)
return IMS_HIT;
}

/* Redirect
*
* Note that it is only OK for us to treat all redirection the same
* because we *always* use GET, not other HTTP methods. There are
* three redirection codes for which it is not appropriate that we
* redirect. Pass on those codes so the error handling kicks in.
*/
if (AllowRedirect
&& (Req.Result > 300 && Req.Result < 400)
&& (Req.Result != 300 // Multiple Choices
&& Req.Result != 304 // Not Modified
&& Req.Result != 306)) // (Not part of HTTP/1.1, reserved)
/* Note that it is only OK for us to treat all redirection the same
because we *always* use GET, not other HTTP methods.
Codes not mentioned are handled as errors later as required by the
HTTP spec to handle unknown codes the same as the x00 code. */
constexpr unsigned int RedirectCodes[] = {
301, // Moved Permanently
302, // Found
303, // See Other
307, // Temporary Redirect
308, // Permanent Redirect
};
if (AllowRedirect && std::find(std::begin(RedirectCodes), std::end(RedirectCodes), Req.Result) != std::end(RedirectCodes))
{
if (Req.Location.empty() == true)
;


+ 2
- 2
test/integration/test-bug-602412-dequote-redirect View File

@@ -30,7 +30,7 @@ Reading package lists..." aptget update
testsuccess --nomsg aptget install unrelated --download-only -y
}

for CODE in 301 302 307; do
for CODE in 301 302 307 308; do
webserverconfig 'aptwebserver::redirect::httpcode' "$CODE"
rm -f aptarchive/webserver.log.client*.log
testrun "$CODE" "http://localhost:${APTHTTPPORT}"
@@ -40,7 +40,7 @@ done

changetohttpswebserver

for CODE in 301 302 307; do
for CODE in 301 302 307 308; do
webserverconfig 'aptwebserver::redirect::httpcode' "$CODE"
rm -f aptarchive/webserver.log.client*.log
testrun "$CODE" "https://localhost:${APTHTTPSPORT}"


+ 1
- 0
test/interactive-helper/aptwebserver.cc View File

@@ -54,6 +54,7 @@ static std::string httpcodeToStr(int const httpcode) /*{{{*/
case 304: return _config->Find("aptwebserver::httpcode::304", "304 Not Modified");
case 305: return _config->Find("aptwebserver::httpcode::305", "305 Use Proxy");
case 307: return _config->Find("aptwebserver::httpcode::307", "307 Temporary Redirect");
case 308: return _config->Find("aptwebserver::httpcode::308", "308 Permanent Redirect");
// Client errors 4xx
case 400: return _config->Find("aptwebserver::httpcode::400", "400 Bad Request");
case 401: return _config->Find("aptwebserver::httpcode::401", "401 Unauthorized");


Loading…
Cancel
Save