http.rb 0.21.0 → 0.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 905cbbe9829dc262c67ec3eb4dc5dd37590e377df516ee2550b57c7d2648553e
-  data.tar.gz: 22983ec7dfd2d28060abe07f3236c183b2da16cd1f49657a1c9b1b5bd6b5c05a
+  metadata.gz: b1e4577389b2272eb97f9912694fc3e2951c64cf83758c9a6f05b544dab99f3f
+  data.tar.gz: 13574567a8fabe8ac8693cda1cd183703eb8d7f57f94da20ffe249feb4b1a52b
 SHA512:
-  metadata.gz: 971d00bde4ac4a54010a99332df8264c54f0e737beb98eeb9e76d5ddc9202578c868f643a7153fb07063aacbcc195495ebb8a5703d5bea68f53f6a446dfb6fdc
-  data.tar.gz: b4de8b52f8bb46a376021c78109649b45820603cb6f1954afb700ab707699157246adabb2296f40510b7e2abf54b99f7c360603b4c109a971f006687921db644
+  metadata.gz: f15f20fb2292d31e28da282fd138463234a2cead1e153a963c32a298b3fee441fcd50958203be30a103eb2c176da18f4beccdd6b362624e1c2769c1ee5b351f8
+  data.tar.gz: c8062c4c3f8ea7ffba22ac31f5e53288b8b36941651df1d087b18ec6e9bff46178e45afd421fc6218a910d61dc32e6cf410182336d058f28136b302589e1869a

data/CHANGELOG

@@ -1,15 +1,45 @@
 # CHANGELOG
 
-# 20260521
-# 0.21.0: Add specs for options, trace, and patch verbs.
+## 20260522
+
+0.23.0: Fix cross-scheme redirect SSL leak; clamp negative Retry-After.
+
+1. ~ HTTP.request: Compute http-object SSL configuration via options.merge instead of mutating the caller's options hash with auto-derived use_ssl and verify_mode. The previous ||= writes meant an HTTPS→HTTP redirect carried use_ssl: true through to the recursive call against the HTTP host, attempting an SSL handshake on the plain-HTTP port. Cross-scheme redirects in both directions now re-derive use_ssl from each URI.
+2. ~ HTTP.retry_after: Clamp the HTTP-date branch via delta && [delta, 0].max. A past Retry-After HTTP-date previously returned a negative delta; Kernel.sleep raises ArgumentError on negatives.
+3. ~ test/HTTP/get_test.rb: + cross-scheme redirection specs (HTTPS→HTTP and HTTP→HTTPS) using a Net::HTTP.new stub to capture each Net::HTTP instance and assert use_ssl? per hop.
+4. ~ test/HTTP/RETRY_test.rb: + specs for past-date Retry-After (clamps to 0) and negative-integer Retry-After (returns nil).
+5. ~ HTTP::VERSION: /0.22.0/0.23.0/
+6. ~ CHANGELOG: + 0.23.0 entry; fix 0.13.2 date typo (202503030 → 20250330).
+
+## 20260522
+
+0.22.0: Convert specs from RSpec to Minitest.
+
+1. ~ spec/ → test/: All spec files moved to test/ and rewritten in Minitest spec style with `let`, double-quoted descriptions, and `_(...).must_*` expectations. On the TODO since at least 0.17.0; completed before 1.0 to ship into stability on the test framework that's here to stay.
+2. ~ spec/spec_helper.rb → test/helper.rb: Rewrite for Minitest; preserve the webmock http_rb_adapter collision workaround. + MockResponse Struct used as a header-stand-in in HTTP.retry_after specs in place of instance_double(Net::HTTPResponse).
+3. ~ Rakefile: Use Rake::TestTask instead of RSpec::Core::RakeTask.
+4. ~ http.rb.gemspec: -rspec; +minitest; +minitest-mock (minitest 6 extracted Mock/stub into a separate gem); files glob /spec/test/.
+5. ~ HTTP.request: /response.header['location']/response['location']/ — Net::HTTPResponse#header has been deprecated for years; the documented replacement is #[]. Surfaced by Minitest's default reporter showing stderr warnings inline where RSpec was hiding them.
+6. ~ TODO: Annotate "Convert specs from RSpec to Minitest" as (Done as of 0.22.0).
+7. ~ HTTP::VERSION: /0.21.0/0.22.0/
+8. ~ CHANGELOG: + 0.22.0 entry
+9. ~ CHANGELOG: Reformat all entries with Markdown-style headings — `## YYYYMMDD` date headings, version line no longer `#`-prefixed.
+10. ~ http.rb.gemspec: Pin minitest to `~> 6.0` to lock the major and avoid bundler quietly resolving to 5.x off a stale lockfile.
+
+## 20260522
+
+0.21.0: Add specs for options, trace, and patch verbs.
+
 1. + spec/HTTP/options_spec.rb: Specs for HTTP.options. These were owed since 0.18.0 when the verb was added via the metaprogramming refactor.
 2. + spec/HTTP/trace_spec.rb: Specs for HTTP.trace. Owed since 0.18.0.
 3. + spec/HTTP/patch_spec.rb: Specs for HTTP.patch. Owed since 0.18.0.
 4. ~ HTTP::VERSION: /0.20.0/0.21.0/
 5. ~ CHANGELOG: + 0.21.0 entry
 
-# 20260522
-# 0.20.0: Add opt-in retry logic with exponential backoff.
+## 20260522
+
+0.20.0: Add opt-in retry logic with exponential backoff.
+
 1. + lib/HTTP/RETRY.rb: Retry helpers (with_retries, backoff_delay, retry_after) and constants (HTTP::RETRY::EXCEPTIONS, STATUS_CODES, VERBS).
 2. ~ HTTP.request: Retry on transient network exceptions and retry-worthy HTTP status codes (429, 502, 503, 504) when enabled. Exponential backoff with jitter. Honours Retry-After when present. Disabled by default; opt in via the retries option. Configurable via new options: retries (default 0), retry_delay (default 1.0), retry_status_codes, retry_exceptions, retry_verbs. Only idempotent verbs (get, head, options, put, delete, trace) retry by default; opt in to POST/PATCH retries via retry_verbs.
 3. + spec/HTTP/RETRY_spec.rb: Specs for retry behaviour and the helpers.
@@ -18,8 +48,10 @@
 6. ~ HTTP::VERSION: /0.19.0/0.20.0/
 7. ~ CHANGELOG: + 0.20.0 entry
 
-# 20260522
-# 0.19.0: Change default verify_mode to VERIFY_PEER.
+## 20260522
+
+0.19.0: Change default verify_mode to VERIFY_PEER.
+
 1. ~ HTTP.request: Default verify_mode changed from OpenSSL::SSL::VERIFY_NONE to OpenSSL::SSL::VERIFY_PEER. Callers needing the old behaviour can pass verify_mode: OpenSSL::SSL::VERIFY_NONE explicitly through the options hash.
 2. ~ spec/HTTP/get_spec.rb: + specs for default verify_mode and explicit VERIFY_NONE override; /verify_mode: 0/verify_mode: OpenSSL::SSL::VERIFY_PEER/ in redirect specs.
 3. ~ spec/HTTP/post_spec.rb: /verify_mode: 0/verify_mode: OpenSSL::SSL::VERIFY_PEER/ in redirect specs.
@@ -29,8 +61,10 @@
 7. ~ HTTP::VERSION: /0.18.3/0.19.0/
 8. ~ CHANGELOG: + 0.19.0 entry
 
-# 20260521
-# 0.18.3: Fix verb preservation on 307/308 redirects.
+## 20260521
+
+0.18.3: Fix verb preservation on 307/308 redirects.
+
 1. ~ HTTP.request: Use original verb when following 307 or 308 redirects, per RFC 7231 §6.4.7 and RFC 7538. 301/302/303 keep legacy GET-on-redirect behaviour.
 2. ~ spec/HTTP/post_spec.rb: + specs for 307/308 verb preservation and 307 body preservation.
 3. ~ spec/HTTP/put_spec.rb: + spec for 307 verb preservation.
@@ -39,8 +73,10 @@
 6. ~ HTTP::VERSION: /0.18.2/0.18.3/
 7. ~ CHANGELOG: + 0.18.3 entry
 
-# 20260520
-# 0.18.2: Fix relative redirect URL construction.
+## 20260520
+
+0.18.2: Fix relative redirect URL construction.
+
 1. ~ HTTP.request: Use URI#merge for redirect URL construction. Preserves original scheme, elides default ports, and resolves relative paths per RFC 3986.
 2. ~ spec/HTTP/get_spec.rb: Update relative-redirect stubs to elide default port; + context for HTTPS relative redirect.
 3. ~ spec/HTTP/post_spec.rb: Update relative-redirect stubs to elide default port.
@@ -49,8 +85,10 @@
 6. ~ HTTP::VERSION: /0.18.1/0.18.2/
 7. ~ CHANGELOG: + 0.18.2 entry
 
-# 20260508
-# 0.18.1: Remove incorrectly added WebDAV verbs.
+## 20260508
+
+0.18.1: Remove incorrectly added WebDAV verbs.
+
 1. - lib/Net/HTTP/Report.rb
 2. ~ HTTP::VERBS: - require_relative '../Net/HTTP/Report'
 3. ~ HTTP::VERBS::WITH_BODY: - propfind, proppatch, mkcol, copy, move, lock, unlock, report
@@ -59,8 +97,9 @@
 6. ~ HTTP::VERSION: /0.18.0/0.18.1/
 7. ~ CHANGELOG: + 0.18.1 entry
 
-# 20260507
-# 0.18.0: Add all missing HTTP verbs; use meta-programming to define verb methods.
+## 20260507
+0.18.0: Add all missing HTTP verbs; use meta-programming to define verb methods.
+
 1. + HTTP/verbs.rb; including:
      + HTTP::VERBS::WITHOUT_BODY: get, delete, head, options, trace
      + HTTP::VERBS::WITH_BODY: post, put, patch, propfind, proppatch, mkcol, copy, move, lock, unlock, report
@@ -87,8 +126,10 @@
 22. ~ .gitignore: Using a common one with lots of entries.
 23. ~ README.md: /http.rb/http/; Trimmed the Description; Usage has more code blocks, making the comments Markdown sub-sections.
 
-# 20260325
-# 0.17.0: Extract HTTP.request method; consolidate set_headers.
+## 20260325
+
+0.17.0: Extract HTTP.request method; consolidate set_headers.
+
 1. + HTTP.request: Extract common plumbing (connection, SSL, auth, redirect, response) from verb methods.
 2. ~ HTTP.get: Delegate to HTTP.request.
 3. ~ HTTP.delete: Delegate to HTTP.request.
@@ -104,8 +145,10 @@
 13. ~ CHANGELOG.txt: + 0.17.0 entry
 14. ~ http.rb.gemspec: Change date.
 
-# 20250908
-# 0.16.1: Allow any case for the content-type key.
+## 20250908
+
+0.16.1: Allow any case for the content-type key.
+
 1. ~ HTTP.post: Check for any case for content-type key.
 2. ~ HTTP.put: Check for any case for content-type key.
 3. ~ spec/HTTP/post_spec.rb: + specs for different content-type key cases.
@@ -115,8 +158,10 @@
 7. ~ CHANGELOG.txt: + 0.16.1 entry
 8. ~ http.rb.gemspec: Change date.
 
-# 20250809
-# 0.16.0: Allow passing of a raw payload for POST/PUT.
+## 20250809
+
+0.16.0: Allow passing of a raw payload for POST/PUT.
+
 1. ~ HTTP.post: Check for Content-Type and whether a string.
 2. ~ HTTP.put: Check for Content-Type and whether a string.
 3. ~ spec/HTTP/post_spec.rb: + raw form data example
@@ -127,8 +172,10 @@
 8. ~ CHANGELOG.txt: + 0.16.0 entry; Small edit on 0.15.1.
 9. ~ http.rb.gemspec: Change date.
 
-# 20250721
-# 0.15.1: Fix PUT; require delete and put in the load file.
+## 20250721
+
+0.15.1: Fix PUT; require delete and put in the load file.
+
 1. + require 'HTTP/put'
 2. + require 'HTTP/delete'
 3. ~ HTTP/put.rb: Params in the body!
@@ -138,8 +185,10 @@
 5. ~ CHANGELOG.txt
 6. ~ http.rb.gemspec: Change date.
 
-# 20250716
-# 0.15.0: + PUT
+## 20250716
+
+0.15.0: + PUT
+
 1. + HTTP.put
 2. + Net::HTTP::Put#set_headers
 3. + spec/HTTP/put_spec.rb
@@ -147,8 +196,10 @@
 5. ~ CHANGELOG.txt
 6. ~ http.rb.gemspec: Change date.
 
-# 20250711
-# 0.14.0: + DELETE
+## 20250711
+
+0.14.0: + DELETE
+
 1. + HTTP.delete
 2. + Net::HTTP::Delete#set_headers
 3. + spec/HTTP/delete_spec.rb
@@ -158,26 +209,34 @@
 7. ~ CHANGELOG.txt
 8. ~ http.rb.gemspec: Change date.
 
-# 20250501
-# 0.13.3: Handle when there's a redirect to a URL with arguments, so as to not add an additional '?' at the end.
+## 20250501
+
+0.13.3: Handle when there's a redirect to a URL with arguments, so as to not add an additional '?' at the end.
+
 1. ~ HTTP.get: Check if the args hash is empty.
 2. ~ HTTP::VERSION: /0.13.2/0.13.3/
 3. ~ http.rb.gemspec: Change date.
 
-# 202503030
-# 0.13.2: Change repo name to match gem name (/HTTP/http.rb/); + Use HTTP::VERSION; /require/require_relative/
+## 20250330
+
+0.13.2: Change repo name to match gem name (/HTTP/http.rb/); + Use HTTP::VERSION; /require/require_relative/
+
 1. ~ README.md: /HTTP/http.rb/, /HTTP.rb/http.rb/
 2. + HTTP::VERSION
 3. ~ http.rb.gemspec: Use HTTP::VERSION.
 4. ~ HTTP.get: /require/require_relative/
 5. ~ HTTP.post: /require/require_relative/
 
-# 20250304
-# 0.13.1: /HTTP.rb.gemspec/http.rb.gemspec/
+## 20250304
+
+0.13.1: /HTTP.rb.gemspec/http.rb.gemspec/
+
 1. /HTTP.rb.gemspec/http.rb.gemspec/ (Wonder no more!)
 
-# 20250304
-# 0.13.0: Extend Net::HTTPResponse to allow use of predicate methods for statuses and optionally prevent redirections.
+## 20250304
+
+0.13.0: Extend Net::HTTPResponse to allow use of predicate methods for statuses and optionally prevent redirections.
+
 1. + lib/Net/HTTPResponse/StatusPredicates.rb
 2. ~ HTTP/get.rb: + require 'Net/HTTPResponse/StatusPredicates'
 3. ~ HTTP/post.rb: + require 'Net/HTTPResponse/StatusPredicates'
@@ -191,8 +250,10 @@
 11. /http.rb.gemspec/HTTP.rb.gemspec/ (I wonder if that's going to cause issues for rubygems.org...)
 12. ~ CHANGELOG.txt
 
-# 20250207
-# 0.12.1: Correctly handle POST'ing JSON data.
+## 20250207
+
+0.12.1: Correctly handle POST'ing JSON data.
+
 1. ~ HTTP.post(): Check if the Content-Type is 'application/json' and assign the body JSON data otherwise assign the supplied hash to the form data.
 2. ~ spec/HTTP/post_spec.rb: + spec for when a request is being made with JSON data
 3. ~ spec/HTTP/post_spec.rb: Assign a headers variable to make the spec more readable.

data/Rakefile

@@ -1,9 +1,9 @@
 # Rakefile
 
-require 'rspec/core/rake_task'
+require 'rake/testtask'
 
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.verbose = false
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/**/*_test.rb']
 end
 
-task default: :spec
+task default: :test

data/http.rb.gemspec

@@ -31,13 +31,14 @@ Gem::Specification.new do |spec|
     'Rakefile',
     'README.md',
     Dir['lib/**/*.rb'],
-    Dir['spec/**/*.rb'],
+    Dir['test/**/*.rb'],
   ].flatten
 
-  spec.development_dependencies = %w{
-    pry
-    rake
-    rspec
-    webmock
-  }
+  spec.development_dependencies = [
+    ['minitest', '~> 6.0'],
+    'minitest-mock',
+    'pry',
+    'rake',
+    'webmock',
+  ]
 end

data/lib/HTTP/RETRY.rb

@@ -69,7 +69,8 @@ module HTTP
       header.to_i
     else
       # Malformed HTTP-date — fall through to caller's backoff.
-      Time.httpdate(header) - Time.now rescue nil
+      delta = Time.httpdate(header) - Time.now rescue nil
+      delta && [delta, 0].max
     end
   end
   module_function :retry_after

data/lib/HTTP/VERSION.rb

@@ -2,5 +2,5 @@
 # HTTP::VERSION
 
 module HTTP
-  VERSION = '0.21.0'
+  VERSION = '0.23.0'
 end

data/lib/HTTP/request.rb

@@ -17,9 +17,10 @@ module HTTP
     http = Net::HTTP.new(uri.host, uri.port)
     no_redirect = options.delete(:no_redirect)
     config = retry_config(options)
-    options[:use_ssl] ||= uri.use_ssl?
-    options[:verify_mode] ||= OpenSSL::SSL::VERIFY_PEER
-    http.options = options
+    http.options = options.merge(
+      use_ssl: (options[:use_ssl] || uri.use_ssl?),
+      verify_mode: (options[:verify_mode] || OpenSSL::SSL::VERIFY_PEER)
+    )
     request_object.headers = headers
     request_object.basic_auth(uri.user, uri.password) if uri.user
     verb = request_object.method.downcase.to_sym
@@ -36,7 +37,7 @@ module HTTP
       elsif no_redirect
         return response
       end
-      redirect_uri = uri.merge(response.header['location'])
+      redirect_uri = uri.merge(response['location'])
       if response.code =~ /^30[78]$/
         data = VERBS::WITH_BODY.include?(verb) ? request_object.body : {}
         response = send(verb, redirect_uri.to_s, data, headers, options, &block)

data/test/HTTP/RETRY_test.rb

@@ -0,0 +1,295 @@
+# test/HTTP/RETRY_test.rb
+
+require_relative '../helper'
+
+describe "retry behaviour" do
+  let(:uri){'http://example.com/path'}
+
+  describe "defaults" do
+    it "does not retry by default" do
+      stub_request(:get, uri).to_return(status: 503)
+      response = HTTP.get(uri)
+      _(response.code.to_i).must_equal(503)
+      assert_requested(:get, uri, times: 1)
+    end
+
+    it "does not retry on a transient exception by default" do
+      stub_request(:get, uri).to_raise(Errno::ECONNRESET)
+      _(->{HTTP.get(uri)}).must_raise(Errno::ECONNRESET)
+      assert_requested(:get, uri, times: 1)
+    end
+  end
+
+  describe "retry on transient exception" do
+    it "retries and succeeds when the failure is transient" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).
+          to_raise(Errno::ECONNRESET).then.
+          to_raise(Errno::ECONNRESET).then.
+          to_return(status: 200, body: '')
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 3)
+      end
+    end
+
+    it "re-raises the exception after retries are exhausted" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_raise(Errno::ECONNRESET)
+        _(->{HTTP.get(uri, {}, {}, {retries: 2})}).must_raise(Errno::ECONNRESET)
+        assert_requested(:get, uri, times: 3)
+      end
+    end
+
+    it "retries on SocketError (DNS failure)" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).
+          to_raise(SocketError).then.
+          to_return(status: 200, body: '')
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 2)
+      end
+    end
+
+    it "does not retry on a non-listed exception" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_raise(OpenSSL::SSL::SSLError)
+        _(->{HTTP.get(uri, {}, {}, {retries: 3})}).must_raise(OpenSSL::SSL::SSLError)
+        assert_requested(:get, uri, times: 1)
+      end
+    end
+  end
+
+  describe "retry on status code" do
+    it "retries on 503 then succeeds" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).
+          to_return({status: 503}, {status: 503}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 3)
+      end
+    end
+
+    it "retries on 502" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_return({status: 502}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 2)
+      end
+    end
+
+    it "retries on 504" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_return({status: 504}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 2)
+      end
+    end
+
+    it "does not retry on 500 by default" do
+      stub_request(:get, uri).to_return(status: 500)
+      response = HTTP.get(uri, {}, {}, {retries: 3})
+      _(response.code.to_i).must_equal(500)
+      assert_requested(:get, uri, times: 1)
+    end
+
+    it "does not retry on 404" do
+      stub_request(:get, uri).to_return(status: 404)
+      response = HTTP.get(uri, {}, {}, {retries: 3})
+      _(response.code.to_i).must_equal(404)
+      assert_requested(:get, uri, times: 1)
+    end
+
+    it "returns the last response when retries are exhausted" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_return(status: 503)
+        response = HTTP.get(uri, {}, {}, {retries: 2})
+        _(response.code.to_i).must_equal(503)
+        assert_requested(:get, uri, times: 3)
+      end
+    end
+  end
+
+  describe "Retry-After header" do
+    it "honours integer Retry-After on 429" do
+      received_seconds = nil
+      HTTP::RETRY.stub(:sleep, ->(n){received_seconds = n}) do
+        stub_request(:get, uri).
+          to_return({status: 429, headers: {'Retry-After' => '2'}}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        _(received_seconds).must_equal(2)
+      end
+    end
+
+    it "honours integer Retry-After on 503" do
+      received_seconds = nil
+      HTTP::RETRY.stub(:sleep, ->(n){received_seconds = n}) do
+        stub_request(:get, uri).
+          to_return({status: 503, headers: {'Retry-After' => '5'}}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        _(received_seconds).must_equal(5)
+      end
+    end
+  end
+
+  describe "configuration" do
+    it "treats retries: 0 as no retries" do
+      stub_request(:get, uri).to_return(status: 503)
+      response = HTTP.get(uri, {}, {}, {retries: 0})
+      _(response.code.to_i).must_equal(503)
+      assert_requested(:get, uri, times: 1)
+    end
+
+    it "respects a custom retry_status_codes list" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).to_return({status: 500}, {status: 200, body: ''})
+        response = HTTP.get(uri, {}, {}, {retries: 3, retry_status_codes: [500]})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 2)
+      end
+    end
+
+    it "respects a custom retry_exceptions list" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:get, uri).
+          to_raise(OpenSSL::SSL::SSLError).then.
+          to_return(status: 200, body: '')
+        response = HTTP.get(uri, {}, {}, {retries: 3, retry_exceptions: [OpenSSL::SSL::SSLError]})
+        _(response.success?).must_equal(true)
+        assert_requested(:get, uri, times: 2)
+      end
+    end
+
+    it "does not pass retry options through to Net::HTTP" do
+      stub_request(:get, uri).to_return(status: 200, body: '')
+      net_http_object = Net::HTTP.new(URI.parse(uri).host, URI.parse(uri).port)
+      received_opts = nil
+      net_http_object.define_singleton_method(:options=){|opts| received_opts = opts}
+      Net::HTTP.stub(:new, net_http_object) do
+        HTTP.get(uri, {}, {}, {
+          retries: 3,
+          retry_delay: 0.1,
+          retry_status_codes: [500],
+          retry_exceptions: [Errno::ECONNRESET],
+          retry_verbs: %i{get}
+        })
+      end
+      _(received_opts).wont_include(:retries)
+      _(received_opts).wont_include(:retry_delay)
+      _(received_opts).wont_include(:retry_status_codes)
+      _(received_opts).wont_include(:retry_exceptions)
+      _(received_opts).wont_include(:retry_verbs)
+    end
+  end
+
+  describe "backoff timing" do
+    it "increases the delay between successive retries" do
+      delays = []
+      HTTP::RETRY.stub(:sleep, ->(d){delays << d}) do
+        stub_request(:get, uri).to_return(status: 503)
+        HTTP.get(uri, {}, {}, {retries: 3, retry_delay: 1.0})
+      end
+      _(delays.length).must_equal(3)
+      _(delays[1]).must_be(:>, delays[0] * 0.8)
+      _(delays[2]).must_be(:>, delays[1] * 0.8)
+    end
+  end
+
+  describe "verb-based retry default" do
+    it "does not retry POST by default even when retries are enabled" do
+      stub_request(:post, uri).to_return(status: 503)
+      HTTP.post(uri, {}, {}, {retries: 3})
+      assert_requested(:post, uri, times: 1)
+    end
+
+    it "does not retry PATCH by default" do
+      stub_request(:patch, uri).to_return(status: 503)
+      HTTP.patch(uri, {}, {}, {retries: 3})
+      assert_requested(:patch, uri, times: 1)
+    end
+
+    it "retries PUT by default (idempotent)" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:put, uri).to_return({status: 503}, {status: 200, body: ''})
+        response = HTTP.put(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:put, uri, times: 2)
+      end
+    end
+
+    it "retries DELETE by default (idempotent)" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:delete, uri).to_return({status: 503}, {status: 200, body: ''})
+        response = HTTP.delete(uri, {}, {}, {retries: 3})
+        _(response.success?).must_equal(true)
+        assert_requested(:delete, uri, times: 2)
+      end
+    end
+
+    it "retries POST when opted in via retry_verbs" do
+      HTTP::RETRY.stub(:sleep, nil) do
+        stub_request(:post, uri).to_return({status: 503}, {status: 200, body: ''})
+        response = HTTP.post(uri, {}, {}, {retries: 3, retry_verbs: %i{get post}})
+        _(response.success?).must_equal(true)
+        assert_requested(:post, uri, times: 2)
+      end
+    end
+  end
+end
+
+describe HTTP, ".retry_after" do
+  it "returns integer seconds for a delta-seconds Retry-After header" do
+    response = MockResponse.new(headers_hash: {'Retry-After' => '5'})
+    _(HTTP.retry_after(response)).must_equal(5)
+  end
+
+  it "parses an HTTP-date Retry-After header" do
+    base = Time.utc(2026, 5, 22, 12, 0, 0)
+    retry_at_header = (base + 5).httpdate
+    response = MockResponse.new(headers_hash: {'Retry-After' => retry_at_header})
+    Time.stub(:now, base) do
+      _(HTTP.retry_after(response)).must_be_close_to(5.0, 0.001)
+    end
+  end
+
+  it "returns nil when Retry-After is absent" do
+    response = MockResponse.new(headers_hash: {})
+    _(HTTP.retry_after(response)).must_be_nil
+  end
+
+  it "returns nil when Retry-After is malformed" do
+    response = MockResponse.new(headers_hash: {'Retry-After' => 'not a date'})
+    _(HTTP.retry_after(response)).must_be_nil
+  end
+
+  it "clamps to 0 when the Retry-After HTTP-date is in the past" do
+    base = Time.utc(2026, 5, 22, 12, 0, 0)
+    retry_at_header = (base - 60).httpdate
+    response = MockResponse.new(headers_hash: {'Retry-After' => retry_at_header})
+    Time.stub(:now, base) do
+      _(HTTP.retry_after(response)).must_equal(0)
+    end
+  end
+
+  it "returns nil for a negative integer Retry-After" do
+    response = MockResponse.new(headers_hash: {'Retry-After' => '-5'})
+    _(HTTP.retry_after(response)).must_be_nil
+  end
+end
+
+describe HTTP, ".backoff_delay" do
+  it "grows exponentially with attempt number" do
+    base = 1.0
+    delays = (1..4).map{|attempt| HTTP.backoff_delay(base, attempt)}
+    _(delays[0]).must_be_close_to(1.0, 0.2)
+    _(delays[1]).must_be_close_to(2.0, 0.4)
+    _(delays[2]).must_be_close_to(4.0, 0.8)
+    _(delays[3]).must_be_close_to(8.0, 1.6)
+  end
+end