authorNoam Lerner <noamler@fb.com>2018-03-17 14:54:20 +0200
committerNoam Lerner <noamler@fb.com>2018-03-21 18:54:19 +0000
commitaeca382b6da6ee5e56f7081960e13450a08100d0 (patch)
treed90ac93fddd2aac1c999702a1e479ba098d1a8a8 /lib
parent8a3c2532c9062496916eee16248b92fc1c9d8d4a (diff)
Stripping 'Authorization' header upon redirects (second try)
Signed-off-by: Noam Lerner <noamler@fb.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/http.rb14
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index 241806da4e..c3b7339835 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -381,7 +381,14 @@ class Chef
elsif redirect_location = redirected_to(response)
if [:GET, :HEAD].include?(method)
follow_redirect do
- send_http_request(method, url + redirect_location, headers, body, &response_handler)
+ redirected_url = url + redirect_location
+ if http_disable_auth_on_redirect
+ new_headers = build_headers(method, redirected_url, headers, body)
+ new_headers.delete("Authorization") if url.host != redirected_url.host
+ send_http_request(method, redirected_url, new_headers, body, &response_handler)
+ else
+ send_http_request(method, redirected_url, headers, body, &response_handler)
+ end
end
else
raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects."
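Review bot: The guard on the `new_headers.delete("Authorization")` line compares only `url.host`, so a redirect that stays on the same host but moves from https to http, or to a different port, still carries the Authorization header to the new endpoint. Comparing scheme, host and port together would cover those cases: `new_headers.delete("Authorization") if [url.scheme, url.host, url.port] != [redirected_url.scheme, redirected_url.host, redirected_url.port]`. The delete is also an exact-case Hash key match, so a caller-supplied `authorization` key would presumably survive unless `build_headers` normalises key case, which is not visible here. The enclosing method starts and ends outside this hunk.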
@@ -460,6 +467,11 @@ class Chef
end
# @api private
+ def http_disable_auth_on_redirect
+ config[:http_disable_auth_on_redirect]
+ end
+
+ # @api private
def config
Chef::Config
end
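Review bot: `http_disable_auth_on_redirect` has no comment saying what the setting controls or what an unset value means. From the visible lines, a nil or false value takes the `else` branch of the redirect hunk and forwards the original headers unchanged, so the stripping is opt-in. This page is limited to `lib`, so whether a default is declared for the key cannot be seen here. I would add above the method: `# Whether to drop the Authorization header when a redirect points at a different host; a falsy or unset value keeps forwarding all headers.`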