Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

_HTTPConnection: check location on _should_follow_redirect() and retain safe request when following redirects #2409

Merged
merged 5 commits into from
Jun 28, 2018
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions tornado/simple_httpclient.py
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,7 @@ def _on_timeout(self, key, info=None):

class _HTTPConnection(httputil.HTTPMessageDelegate):
_SUPPORTED_METHODS = set(["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"])
_SAFE_METHODS = set(["GET", "HEAD", "OPTIONS"])

def __init__(self, client, request, release_callback,
final_callback, max_buffer_size, tcp_client,
Expand Down Expand Up @@ -493,7 +494,8 @@ def headers_received(self, first_line, headers):
def _should_follow_redirect(self):
return (self.request.follow_redirects and
self.request.max_redirects > 0 and
self.code in (301, 302, 303, 307, 308))
self.code in (301, 302, 303, 307, 308) and
self.headers.get("Location") is not None)

def finish(self):
data = b''.join(self.chunks)
Expand All @@ -514,8 +516,9 @@ def finish(self):
# treat 302 the same as 303, and many servers use 302 for
# compatibility with pre-HTTP/1.1 user agents which don't
# understand the 303 status.
if self.code in (302, 303):
new_request.method = "GET"
if self.code in (301, 302, 303):
if self.request.method not in self._SAFE_METHODS:
new_request.method = "GET"
new_request.body = None
for h in ["Content-Length", "Content-Type",
"Content-Encoding", "Transfer-Encoding"]:
Expand Down