authorLamont Granquist <lamont@scriptkiddie.org>2018-04-02 13:25:53 -0700
committerGitHub <noreply@github.com>2018-04-02 13:25:53 -0700
commit605ca169897fa86f0b300cf4702973c1b3a7708b (patch)
tree4dab90f6a3772facd8ff8f724d2c0c18a38fa4a8
parent2e5f04cb0198cf16eff7acf32a3da3ab1b0027a5 (diff)
parentaeca382b6da6ee5e56f7081960e13450a08100d0 (diff)
downloadchef-605ca169897fa86f0b300cf4702973c1b3a7708b.tar.gz
Merge pull request #7006 from bugok/http_auth_header2
Stripping Authorization header upon redirects (second try)
-rw-r--r--chef-config/lib/chef-config/config.rb5
-rw-r--r--lib/chef/http.rb14
2 files changed, 18 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index ad4ef0574d..d1f33d3400 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -354,6 +354,11 @@ module ChefConfig
default :http_retry_count, 5
default :http_retry_delay, 5
+ # Whether or not to send the Authorization header again on http redirects.
+ # As per the plan in https://github.com/chef/chef/pull/7006, this will be
+ # False in Chef 14, True in Chef 15, and will be removed entirely in Chef 16.
+ default :http_disable_auth_on_redirect, false
+
default :interval, nil
default :once, nil
default :json_attribs, nil
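Review bot: The comment above `default :http_disable_auth_on_redirect, false` states the opposite polarity of the option name: it says "whether or not to send the Authorization header again", while a true value stops it being sent. With the default of `false`, the header keeps being forwarded to redirect targets unless an operator opts in, and the comment should say so plainly. Suggested wording: `# When true, the Authorization header is not forwarded when a redirect points to a different host. Defaults to false, so the header is still forwarded unless this is enabled.` Writing `false`/`true` in lowercase in the version plan would also match the Ruby literals.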
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index edcd6eed3d..016e81d12c 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -381,7 +381,14 @@ class Chef
elsif redirect_location = redirected_to(response)
if [:GET, :HEAD].include?(method)
follow_redirect do
- send_http_request(method, url + redirect_location, headers, body, &response_handler)
+ redirected_url = url + redirect_location
+ if http_disable_auth_on_redirect
+ new_headers = build_headers(method, redirected_url, headers, body)
+ new_headers.delete("Authorization") if url.host != redirected_url.host
+ send_http_request(method, redirected_url, new_headers, body, &response_handler)
+ else
+ send_http_request(method, redirected_url, headers, body, &response_handler)
+ end
end
else
raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects."
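Review bot: The check `url.host != redirected_url.host` treats a redirect as safe whenever the hostname matches, so a redirect to the same host over a different scheme or port (for example https to http) still carries the Authorization header. Comparing the full origin is stricter: `new_headers.delete("Authorization") if [url.scheme, url.host, url.port] != [redirected_url.scheme, redirected_url.host, redirected_url.port]`. The delete is also keyed on the exact string "Authorization"; if a caller can supply the header with different casing (not visible here) it would survive, so a case-insensitive `delete_if` may be warranted. The enclosing method starts and ends outside the hunk, as do `build_headers` and `send_http_request`, so it is worth confirming that the header is not re-added downstream. The diffstat lists no spec file, and a spec covering cross-host and same-host redirects with the option on and off would pin this behaviour.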
@@ -460,6 +467,11 @@ class Chef
end
# @api private
+ def http_disable_auth_on_redirect
+ config[:http_disable_auth_on_redirect]
+ end
+
+ # @api private
def config
Chef::Config
end