Bug #5950

closed

open-uri: https redirect fix

Added by azet (Aaron Zauner) almost 13 years ago. Updated about 7 years ago.

Status:

Closed

Assignee:

akr (Akira Tanaka)

Target version:

ruby -v:

ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

Backport:

2.3: UNKNOWN, 2.4: UNKNOWN

[ruby-core:42268]

Description

open-uri raises an exception if a http/s redirect refers to https.

original mail to the maintainer with a quickfix: https://gist.github.com/1704932

--snip--

this is taken from the original ruby open-uri class,¶

fixed this to support secure socket http redirects:¶

def OpenURI.redirectable?(uri1, uri2) # :nodoc:
# This test is intended to forbid a redirection from http://... to
# file:///etc/passwd.
# However this is ad hoc. It should be extensible/configurable.
uri1.scheme.downcase == uri2.scheme.downcase ||
(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~
uri2.scheme)
end
--snip--

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #5950

open-uri: https redirect fix

this is taken from the original ruby open-uri class,¶

fixed this to support secure socket http redirects:¶

Updated by jhilden (Jakob Hilden) over 12 years ago

Updated by mame (Yusuke Endoh) over 12 years ago

Updated by akr (Akira Tanaka) over 11 years ago

Updated by akr (Akira Tanaka) over 11 years ago

Updated by akr (Akira Tanaka) about 7 years ago