Skip to content

Commit

Permalink
Revert "Revert "_HTTPConnection: check location on _should_follow_red…
Browse files Browse the repository at this point in the history
…irect() and retain safe request when following redirects (tornadoweb#2409)""

This reverts commit dda77f2.
  • Loading branch information
bdarnell committed Jan 1, 2019
1 parent b399a9d commit 2ca8821
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
2 changes: 2 additions & 0 deletions tornado/simple_httpclient.py
Original file line number Diff line number Diff line change
Expand Up @@ -608,6 +608,8 @@ def _should_follow_redirect(self) -> bool:
return (
self.code in (301, 302, 303, 307, 308)
and self.request.max_redirects > 0
and self.headers is not None
and self.headers.get("Location") is not None
)
return False

Expand Down
16 changes: 16 additions & 0 deletions tornado/test/httpclient_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,13 @@ def prepare(self):
)


class RedirectWithoutLocationHandler(RequestHandler):
def prepare(self):
# For testing error handling of a redirect with no location header.
self.set_status(301)
self.finish()


class ChunkHandler(RequestHandler):
@gen.coroutine
def get(self):
Expand Down Expand Up @@ -143,6 +150,7 @@ def get_app(self):
url("/post", PostHandler),
url("/put", PutHandler),
url("/redirect", RedirectHandler),
url("/redirect_without_location", RedirectWithoutLocationHandler),
url("/chunk", ChunkHandler),
url("/auth", AuthHandler),
url("/countdown/([0-9]+)", CountdownHandler, name="countdown"),
Expand Down Expand Up @@ -291,6 +299,14 @@ def test_follow_redirect(self):
self.assertTrue(response.effective_url.endswith("/countdown/0"))
self.assertEqual(b"Zero", response.body)

def test_redirect_without_location(self):
response = self.fetch("/redirect_without_location", follow_redirects=True)
# If there is no location header, the redirect response should
# just be returned as-is. (This should arguably raise an
# error, but libcurl doesn't treat this as an error, so we
# don't either).
self.assertEqual(301, response.code)

def test_credentials_in_url(self):
url = self.get_url("/auth").replace("http://", "http://me:secret@")
response = self.fetch(url)
Expand Down

0 comments on commit 2ca8821

Please sign in to comment.