author | Noam Lerner <noamler@fb.com> | 2018-03-17 14:54:20 +0200 |
---|---|---|
committer | Noam Lerner <noamler@fb.com> | 2018-03-21 18:54:19 +0000 |
commit | aeca382b6da6ee5e56f7081960e13450a08100d0 (patch) | |
tree | d90ac93fddd2aac1c999702a1e479ba098d1a8a8 | |
parent | 8a3c2532c9062496916eee16248b92fc1c9d8d4a (diff) | |
download | chef-aeca382b6da6ee5e56f7081960e13450a08100d0.tar.gz |
Stripping 'Authorization' header upon redirects (second try)
Signed-off-by: Noam Lerner <noamler@fb.com>
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 5 | ||||
-rw-r--r-- | lib/chef/http.rb | 14 |
2 files changed, 18 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index c467d88f80..e5b63e7bdf 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -354,6 +354,11 @@ module ChefConfig
 default :http_retry_count, 5
 default :http_retry_delay, 5
+ # Whether or not to send the Authorization header again on http redirects.
+ # As per the plan in https://github.com/chef/chef/pull/7006, this will be
+ # False in Chef 14, True in Chef 15, and will be removed entirely in Chef 16.
+ default :http_disable_auth_on_redirect, false
+
 default :interval, nil
 default :once, nil
 default :json_attribs, nil
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index 241806da4e..c3b7339835 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -381,7 +381,14 @@ class Chef
 elsif redirect_location = redirected_to(response)
 if [:GET, :HEAD].include?(method)
 follow_redirect do
- send_http_request(method, url + redirect_location, headers, body, &response_handler)
+ redirected_url = url + redirect_location
+ if http_disable_auth_on_redirect
+ new_headers = build_headers(method, redirected_url, headers, body)
+ new_headers.delete("Authorization") if url.host != redirected_url.host
+ send_http_request(method, redirected_url, new_headers, body, &response_handler)
+ else
+ send_http_request(method, redirected_url, headers, body, &response_handler)
+ end
 end
 else
 raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects."
@@ -460,6 +467,11 @@ class Chef
 end
 # @api private
+ def http_disable_auth_on_redirect
+ config[:http_disable_auth_on_redirect]
+ end
+
+ # @api private
 def config
 Chef::Config
 end |
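Review bot: The comment added above `default :http_disable_auth_on_redirect, false` in config.rb states the opposite polarity from the setting name: it reads as "whether to send the Authorization header again", while a true value of `http_disable_auth_on_redirect` is what stops it being sent. With the default at false, clients keep forwarding the header on redirects to other hosts until an operator opts in, and the comment should say so plainly. Suggested wording: `# When true, drop the Authorization header when a redirect points at a different host.` followed by `# Defaults to false in Chef 14 (the header is still forwarded); planned to default to true in Chef 15.`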
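Review bot: In lib/chef/http.rb the new check `url.host != redirected_url.host` treats a redirect to the same host on another scheme or port as the same destination, so an https-to-http redirect on one hostname still carries the Authorization header, now in cleartext. Comparing the full origin closes that gap: `cross_origin = [url.scheme, url.host, url.port] != [redirected_url.scheme, redirected_url.host, redirected_url.port]`. `new_headers.delete("Authorization")` also matches the key by exact case, so if the headers are a plain Hash a caller-supplied `authorization` key would survive; `new_headers.delete_if { |k, _| k.to_s.casecmp("authorization").zero? } if cross_origin` covers both. Other credential-bearing headers a caller may pass (for example `Cookie` or `Proxy-Authorization`) are not touched and may deserve the same treatment. The enclosing method starts and ends outside this hunk and `build_headers` is not shown, so its effect on the header set is assumed here.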