author | Lamont Granquist <lamont@scriptkiddie.org> | 2018-04-02 13:25:53 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-02 13:25:53 -0700 |
commit | 605ca169897fa86f0b300cf4702973c1b3a7708b (patch) | |
tree | 4dab90f6a3772facd8ff8f724d2c0c18a38fa4a8 /lib | |
parent | 2e5f04cb0198cf16eff7acf32a3da3ab1b0027a5 (diff) | |
parent | aeca382b6da6ee5e56f7081960e13450a08100d0 (diff) | |
download | chef-605ca169897fa86f0b300cf4702973c1b3a7708b.tar.gz |
Merge pull request #7006 from bugok/http_auth_header2
Stripping Authorization header upon redirects (second try)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/http.rb | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index edcd6eed3d..016e81d12c 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -381,7 +381,14 @@ class Chef
 elsif redirect_location = redirected_to(response)
 if [:GET, :HEAD].include?(method)
 follow_redirect do
- send_http_request(method, url + redirect_location, headers, body, &response_handler)
+ redirected_url = url + redirect_location
+ if http_disable_auth_on_redirect
+ new_headers = build_headers(method, redirected_url, headers, body)
+ new_headers.delete("Authorization") if url.host != redirected_url.host
+ send_http_request(method, redirected_url, new_headers, body, &response_handler)
+ else
+ send_http_request(method, redirected_url, headers, body, &response_handler)
+ end
 end
 else
 raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects."
@@ -460,6 +467,11 @@ class Chef
 end
 # @api private
+ def http_disable_auth_on_redirect
+ config[:http_disable_auth_on_redirect]
+ end
+
+ # @api private
 def config
 Chef::Config
 end
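Review bot: `http_disable_auth_on_redirect` has no comment saying that a falsy value keeps the old behaviour, in which the first hunk's else branch forwards the original headers, Authorization included, to whatever host the redirect names. A comment such as `# When truthy, the Authorization header is dropped from a followed redirect that changes host; otherwise headers are forwarded as-is.` would make the opt-in nature visible. The default for this key is set outside lib/ and is not shown here; if it is off, it is worth considering whether the stripping behaviour should be the default. As a boolean reader it would also read more idiomatically as a predicate, `http_disable_auth_on_redirect?`.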