Skip to content

Commit

Permalink
for #180: allow HTTP requests in default hyper client.
Browse files Browse the repository at this point in the history
If an attacker could manipulate URLs for token retrieval etc., they
could wreak considerably more havoc than a downgrade attack.
  • Loading branch information
dermesser committed Jun 20, 2022
1 parent 253528a commit f1600d4
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/authenticator.rs
Original file line number Diff line number Diff line change
Expand Up @@ -715,8 +715,8 @@ mod private {
AuthFlow::ServiceAccountFlow(service_account_flow) => {
service_account_flow.token(hyper_client, scopes).await
}
AuthFlow::ApplicationDefaultCredentialsFlow(service_account_flow) => {
service_account_flow.token(hyper_client, scopes).await
AuthFlow::ApplicationDefaultCredentialsFlow(adc_flow) => {
adc_flow.token(hyper_client, scopes).await
}
AuthFlow::AuthorizedUserFlow(authorized_user_flow) => {
authorized_user_flow.token(hyper_client, scopes).await
Expand Down Expand Up @@ -780,7 +780,7 @@ impl HyperClientBuilder for DefaultHyperClient {
#[cfg(feature = "hyper-rustls")]
let connector = hyper_rustls::HttpsConnectorBuilder::new()
.with_native_roots()
.https_only()
.https_or_http()
.enable_http1()
.enable_http2()
.build();
Expand Down

0 comments on commit f1600d4

Please sign in to comment.