Sha256: f66cef6aa8188c3452b2efaa98ce58e135cd05a897ff9c45f3620309d295b1aa

Contents?: true

Size: 1.6 KB

Versions: 3

Compression:

Stored size: 1.6 KB

Contents

require 'open-uri'

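module OpenURI
  class << self
    #
    # Redirect policy used for every request unless the caller opts out.
    #
    # When this extension was written, stock OpenURI refused HTTP -> HTTPS
    # redirects. An upgrade to TLS is a legitimate redirect, so it is
    # permitted here in addition to same-scheme redirects.
    #
    # Note: this does NOT permit HTTPS -> HTTP redirects. A downgrade strips
    # transport encryption and server authentication from the rest of the
    # transfer.
    #
    # @param uri1 [URI::Generic] the URI that issued the redirect
    # @param uri2 [URI::Generic] the redirect target
    #
    # @return [Boolean]
    #
    def default_redirectable?(uri1, uri2)
      a, b = uri1.scheme.downcase, uri2.scheme.downcase

      a == b || (a == 'http' && b == 'https')
    end

    #
    # Relaxed redirect policy: same-scheme redirects plus HTTP <-> HTTPS in
    # either direction. Redirects to any other scheme are still refused.
    #
    # Note: this DOES permit HTTPS -> HTTP redirects, which is a downgrade.
    # Anything fetched after the downgrade travels in cleartext and can be
    # modified in transit, so callers that opt in should verify the
    # downloaded content by independent means (for example a pinned
    # checksum).
    #
    # @param uri1 [URI::Generic] the URI that issued the redirect
    # @param uri2 [URI::Generic] the redirect target
    #
    # @return [Boolean]
    #
    def unsafe_redirectable?(uri1, uri2)
      a, b = uri1.scheme.downcase, uri2.scheme.downcase

      a == b || (a == 'http' && b == 'https') || (a == 'https' && b == 'http')
    end

    #
    # Policy hook consulted by OpenURI while following redirects.
    #
    # The relaxed policy applies only while the current thread of execution
    # is inside an +open_uri+ call that passed +allow_unsafe_redirects+.
    # The flag lives in +Thread.current+ rather than in a re-aliased method,
    # so a request running concurrently on another thread never inherits the
    # relaxed policy, and cannot reset it for a request that asked for it.
    #
    # @return [Boolean]
    #
    def redirectable?(uri1, uri2)
      if Thread.current[:omnibus_allow_unsafe_redirects]
        unsafe_redirectable?(uri1, uri2)
      else
        default_redirectable?(uri1, uri2)
      end
    end

    #
    # Override the default open_uri method to search for our custom option to
    # permit unsafe redirects.
    #
    # The option is looked up in the first Hash argument and stripped from a
    # copy before delegating, because the original implementation does not
    # know this key. The caller's own Hash is left untouched, so an options
    # Hash that is reused across calls keeps its setting.
    #
    # @example
    #   open('http://example.com', allow_unsafe_redirects: true)
    #
    alias_method :original_open_uri, :open_uri
    def open_uri(name, *rest, &block)
      args = rest.dup
      allow_unsafe = false

      index = args.index { |arg| arg.is_a?(Hash) }
      if index && args[index].key?(:allow_unsafe_redirects)
        options = args[index].dup
        allow_unsafe = options.delete(:allow_unsafe_redirects) ? true : false
        args[index] = options
      end

      # Scope the relaxation to this call only. A nested call that does not
      # pass the option runs with the default policy, and the outer value is
      # put back on the way out, including when the request raises.
      previous = Thread.current[:omnibus_allow_unsafe_redirects]
      Thread.current[:omnibus_allow_unsafe_redirects] = allow_unsafe
      begin
        original_open_uri(name, *args, &block)
      ensure
        Thread.current[:omnibus_allow_unsafe_redirects] = previous
      end
    end
  end
end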

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
omnibus-4.0.0.rc.2 lib/omnibus/core_extensions/open_uri.rb
omnibus-4.0.0.rc.1 lib/omnibus/core_extensions/open_uri.rb
omnibus-4.0.0.beta.1 lib/omnibus/core_extensions/open_uri.rb