gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 242/264: transfer: Switch PUT to GET/HEAD on 303 redirect

From: gnunet
Subject: [gnurl] 242/264: transfer: Switch PUT to GET/HEAD on 303 redirect
Date: Thu, 30 Apr 2020 16:09:05 +0200 
This is an automated email from the git hooks/post-receive script.

nikita pushed a commit to branch master
in repository gnurl.

commit c0e139a60db68034e04362694290f7cf422eb924
Author: Jay Satiro <address@hidden>
AuthorDate: Thu Apr 16 14:15:34 2020 -0400

    transfer: Switch PUT to GET/HEAD on 303 redirect
    
    Prior to this change if there was a 303 reply to a PUT request then
    the subsequent request to respond to that redirect would also be a PUT.
    It was determined that was most likely incorrect based on the language
    of the RFCs. Basically 303 means "see other" resource, which implies it
    is most likely not the same resource, therefore we should not try to PUT
    to that different resource.
    
    Refer to the discussions in #5237 and #5248 for more information.
    
    Fixes https://github.com/curl/curl/issues/5237
    Closes https://github.com/curl/curl/pull/5248
---
 lib/transfer.c          | 19 ++++++++----
 tests/data/Makefile.inc |  2 +-
 tests/data/test1524     | 77 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+), 7 deletions(-)

diff --git a/lib/transfer.c b/lib/transfer.c
index d5eb2c327..b9581d7ad 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1717,12 +1717,19 @@ CURLcode Curl_follow(struct Curl_easy *data,
     break;
 
   case 303: /* See Other */
-    /* Disable both types of POSTs, unless the user explicitly
-       asks for POST after POST */
-    if(data->set.httpreq != HTTPREQ_GET
-      && !(data->set.keep_post & CURL_REDIR_POST_303)) {
-      data->set.httpreq = HTTPREQ_GET; /* enforce GET request */
-      infof(data, "Disables POST, goes with %s\n",
+    /* 'See Other' location is not the resource but a substitute for the
+     * resource. In this case we switch the method to GET/HEAD, unless the
+     * method is POST and the user specified to keep it as POST.
+     * https://github.com/curl/curl/issues/5237#issuecomment-614641049
+     */
+    if(data->set.httpreq != HTTPREQ_GET &&
+       ((data->set.httpreq != HTTPREQ_POST &&
+         data->set.httpreq != HTTPREQ_POST_FORM &&
+         data->set.httpreq != HTTPREQ_POST_MIME) ||
+        !(data->set.keep_post & CURL_REDIR_POST_303))) {
+      data->set.httpreq = HTTPREQ_GET;
+      data->set.upload = false;
+      infof(data, "Switch to %s\n",
             data->set.opt_no_body?"HEAD":"GET");
     }
     break;
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 425a0c02f..26faa954f 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -178,7 +178,7 @@ test1450 test1451 test1452 test1453 test1454 test1455 
test1456 test1457 \
 test1458 test1459 test1500 test1501 test1502 test1503 test1504 test1505 \
 test1506 test1507 test1508 test1509 test1510 test1511 test1512 test1513 \
 test1514 test1515 test1516 test1517 test1518 test1519 test1520 test1521 \
-test1522 test1523 \
+test1522 test1523 test1524 \
 \
 test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \
 test1533 test1534 test1535 test1536 test1537 test1538 \
diff --git a/tests/data/test1524 b/tests/data/test1524
new file mode 100644
index 000000000..ed0c0476e
--- /dev/null
+++ b/tests/data/test1524
@@ -0,0 +1,77 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP PUT
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 303 OK swsclose
+Location: moo.html&testcase=/15240002
+Connection: close
+
+</data>
+<data2>
+HTTP/1.1 200 OK swsclose
+Location: this should be ignored
+Connection: close
+
+body
+</data2>
+<datacheck>
+HTTP/1.1 303 OK swsclose
+Location: moo.html&testcase=/15240002
+Connection: close
+
+HTTP/1.1 200 OK swsclose
+Location: this should be ignored
+Connection: close
+
+body
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP PUT with 303 redirect
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/blah/1524 -L -T log/upload1524.txt
+</command>
+<file name="log/upload1524.txt">
+moo
+</file>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol nonewline="yes">
+PUT /blah/1524 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 4
+Expect: 100-continue
+
+moo
+GET /blah/moo.html&testcase=/15240002 HTTP/1.1
+User-Agent: this should be ignored
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+
+</protocol>
+</verify>
+</testcase>

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]