diff options
| author | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2014-12-11 20:37:17 +0000 |
|---|---|---|
| committer | Chris 'BinGOs' Williams <chris@bingosnet.co.uk> | 2014-12-11 20:37:17 +0000 |
| commit | eed9221580b325cc9e73ebb61d115f94a5af3dd4 (patch) | |
| tree | 32b74a116926b6cc35514833aebe7ac09e2e4bcd /cpan/HTTP-Tiny | |
| parent | d5b98071c9e3e7e1d15e5358ad2316f3928fb05d (diff) | |
| download | perl-eed9221580b325cc9e73ebb61d115f94a5af3dd4.tar.gz | |
Update HTTP-Tiny to CPAN version 0.052
[DELTA]
0.052 2014-12-11 15:23:54-05:00 America/New_York
[CHANGED]
- Proxy allowed from environment variable HTTP_PROXY (uppercase) unless
REQUEST_METHOD is also set.
Diffstat (limited to 'cpan/HTTP-Tiny')
| -rw-r--r-- | cpan/HTTP-Tiny/lib/HTTP/Tiny.pm | 15 | ||||
| -rw-r--r-- | cpan/HTTP-Tiny/t/140_proxy.t | 21 |
2 files changed, 32 insertions, 4 deletions
diff --git a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm index d8bd7192c3..1a1e0920a7 100644 --- a/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm +++ b/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm @@ -4,7 +4,7 @@ use strict; use warnings; # ABSTRACT: A small, simple, correct HTTP/1.1 client -our $VERSION = '0.051'; +our $VERSION = '0.052'; use Carp (); @@ -141,7 +141,9 @@ sub _set_proxies { # http proxy if (! exists $self->{http_proxy} ) { - $self->{http_proxy} = $ENV{http_proxy} || $self->{proxy}; + # under CGI, bypass HTTP_PROXY as request sets it from Proxy header + local $ENV{HTTP_PROXY} if $ENV{REQUEST_METHOD}; + $self->{http_proxy} = $ENV{http_proxy} || $ENV{HTTP_PROXY} || $self->{proxy}; } if ( defined $self->{http_proxy} ) { @@ -1456,7 +1458,7 @@ HTTP::Tiny - A small, simple, correct HTTP/1.1 client =head1 VERSION -version 0.051 +version 0.052 =head1 SYNOPSIS @@ -1842,7 +1844,7 @@ HTTP::Tiny supports the following proxy environment variables: =item * -http_proxy +http_proxy or HTTP_PROXY =item * @@ -1854,6 +1856,11 @@ all_proxy or ALL_PROXY =back +If the C<REQUEST_METHOD> environment variable is set, then this might be a CGI +process and C<HTTP_PROXY> would be set from the C<Proxy:> header, which is a +security risk. If C<REQUEST_METHOD> is set, C<HTTP_PROXY> (the upper case +variant only) is ignored. + Tunnelling C<https> over an C<http> proxy using the CONNECT method is supported. If your proxy uses C<https> itself, you can not tunnel C<https> over it. diff --git a/cpan/HTTP-Tiny/t/140_proxy.t b/cpan/HTTP-Tiny/t/140_proxy.t index 4b122616a9..a23568ec98 100644 --- a/cpan/HTTP-Tiny/t/140_proxy.t +++ b/cpan/HTTP-Tiny/t/140_proxy.t @@ -48,4 +48,25 @@ for my $proxy ("http://localhost:8080/", "http://localhost:8080"){ ok(!defined $c->https_proxy, "https_proxy => undef disables ENV proxy"); } +# case variations +for my $var ( qw/http_proxy https_proxy all_proxy/ ) { + my $proxy = "http://localhost:8080"; + for my $s ( uc($var), lc($var) ) { + local $ENV{$s} = $proxy; + my $c = HTTP::Tiny->new(); + my $m = ($s =~ /all/i) ? 'proxy' : lc($s); + is( $c->$m, $proxy, "set $m from $s" ); + } +} + +# ignore HTTP_PROXY with REQUEST_METHOD +{ + local $ENV{HTTP_PROXY} = "http://localhost:8080"; + local $ENV{REQUEST_METHOD} = 'GET'; + my $c = HTTP::Tiny->new(); + ok(!defined $c->http_proxy, + "http_proxy not set from HTTP_PROXY if REQUEST_METHOD set"); + +} + done_testing(); |