http 5.0.4 → 5.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92001458b2f36332dfd042ab8750595408d2be8e941ed52be9237e11c071fef7
-  data.tar.gz: de00f9d0a8f59f3af1605f479e503269741c751b397d62d618c8866e58929140
+  metadata.gz: ef55bbff996952784d0917931b8eaa6f12a1adfc9cc480daf098cbc8cd8f6107
+  data.tar.gz: 222f8e8723969f89994fe2a0692c41786e450c200c45b84f5c8418f736254a64
 SHA512:
-  metadata.gz: 63249cd08800a312ffba0ed4b9a508e3890b3088058956e5433c71a60957bfe9985070225855b926d78f5a64c3b587a122c52137788b54e10da65076b39f541f
-  data.tar.gz: 89605690a8dd8ac3bf23447de8a75f90bc37a77d8ff0e85d84b0748daf2cf06b69011d8e19cc4b22067e479decdfc9d8ca46f7fc0495ec90c25a433e10c1eac8
+  metadata.gz: 49b0c9e508fb02fca9d9e8a26d707202c5ac67bbdf73fce15b616b321545a3a32be96eb9e23f4d389687ad1720372eaba4412e18d800c5d29fab5bb0f4bc0d93
+  data.tar.gz: 1b2e22b2b33abe8059e78535556a15c53959b321fb225cd84153d5a8ea608ba4d03ead9cf018720f63b1e7c27c477f8c3f1b151cae60f2d50b6811e7dd9f5bcc

data/.github/workflows/ci.yml

@@ -16,11 +16,11 @@ jobs:
 
     strategy:
       matrix:
-        ruby: [ ruby-2.5, ruby-2.6, ruby-2.7, ruby-3.0 ]
+        ruby: [ ruby-2.6, ruby-2.7, ruby-3.0, ruby-3.1 ]
         os: [ ubuntu-latest ]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - uses: ruby/setup-ruby@v1
         with:
@@ -38,6 +38,26 @@ jobs:
           path-to-lcov: ./coverage/lcov/lcov.info
           parallel: true
 
+  test-flaky:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        ruby: [ jruby-9.3 ]
+        os: [ ubuntu-latest ]
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: bundle exec rspec
+        continue-on-error: true
+        run: bundle exec rspec --format progress --force-colour
+
   coveralls:
     needs: test
     runs-on: ubuntu-latest
@@ -52,11 +72,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.5
+          ruby-version: 2.6
           bundler-cache: true
 
       - name: bundle exec rubocop

data/.rubocop.yml

@@ -7,4 +7,4 @@ AllCops:
   DefaultFormatter: fuubar
   DisplayCopNames: true
   NewCops: enable
-  TargetRubyVersion: 2.5
+  TargetRubyVersion: 2.6

data/.rubocop_todo.yml

@@ -1,13 +1,21 @@
 # This configuration was generated by
-# `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 42`
-# on 2021-04-10 09:49:03 UTC using RuboCop version 1.12.1.
+# `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 100`
+# on 2022-06-16 14:35:44 UTC using RuboCop version 1.30.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Include.
+# Include: **/*.gemspec
+Gemspec/DeprecatedAttributeAssignment:
+  Exclude:
+    - 'http.gemspec'
+
 # Offense count: 53
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: leading, trailing
 Layout/DotPosition:
@@ -22,8 +30,8 @@ Layout/DotPosition:
     - 'spec/lib/http_spec.rb'
     - 'spec/support/http_handling_shared.rb'
 
-# Offense count: 174
-# Cop supports --auto-correct.
+# Offense count: 176
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces.
 # SupportedStyles: space, no_space, compact
 # SupportedStylesForEmptyBraces: space, no_space
@@ -66,7 +74,7 @@ Metrics/AbcSize:
     - 'lib/http/request.rb'
     - 'lib/http/response.rb'
 
-# Offense count: 66
+# Offense count: 70
 # Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
 # IgnoredMethods: refine
 Metrics/BlockLength:
@@ -90,6 +98,7 @@ Metrics/BlockLength:
     - 'spec/lib/http/response/parser_spec.rb'
     - 'spec/lib/http/response/status_spec.rb'
     - 'spec/lib/http/response_spec.rb'
+    - 'spec/lib/http/uri_spec.rb'
     - 'spec/lib/http_spec.rb'
     - 'spec/support/http_handling_shared.rb'
 
@@ -109,7 +118,7 @@ Metrics/CyclomaticComplexity:
     - 'lib/http/chainable.rb'
     - 'lib/http/client.rb'
 
-# Offense count: 19
+# Offense count: 18
 # Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
 Metrics/MethodLength:
   Exclude:
@@ -132,8 +141,13 @@ Metrics/ModuleLength:
   Exclude:
     - 'lib/http/chainable.rb'
 
+# Offense count: 1
+Security/CompoundHash:
+  Exclude:
+    - 'lib/http/uri.rb'
+
 # Offense count: 2
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: separated, grouped
 Style/AccessorGrouping:
@@ -141,7 +155,7 @@ Style/AccessorGrouping:
     - 'lib/http/request.rb'
 
 # Offense count: 4
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/EmptyCaseCondition:
   Exclude:
     - 'lib/http/client.rb'
@@ -150,7 +164,7 @@ Style/EmptyCaseCondition:
     - 'lib/http/response/status.rb'
 
 # Offense count: 5
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/Encoding:
   Exclude:
     - 'spec/lib/http/client_spec.rb'
@@ -160,7 +174,7 @@ Style/Encoding:
     - 'spec/support/dummy_server/servlet.rb'
 
 # Offense count: 17
-# Configuration parameters: SuspiciousParamNames.
+# Configuration parameters: SuspiciousParamNames, Allowlist.
 # SuspiciousParamNames: options, opts, args, params, parameters
 Style/OptionHash:
   Exclude:
@@ -183,8 +197,8 @@ Style/OptionalBooleanParameter:
     - 'lib/http/uri.rb'
 
 # Offense count: 3
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Exclude:

data/CHANGES.md

@@ -1,3 +1,29 @@
+## 5.1.1 (2022-12-17)
+
+* [#731](https://github.com/httprb/http/pull/731)
+  Strip brackets from IPv6 addresses in `HTTP::URI`.
+  ([@jeraki])
+
+* [#722](https://github.com/httprb/http/pull/722)
+  Add `on_redirect` callback.
+  ([@benubois])
+
+## 5.1.0 (2022-06-17)
+
+* Drop ruby-2.5 support.
+
+* [#715](https://github.com/httprb/http/pull/715)
+  Set default encoding to UTF-8 for `application/json`.
+  ([@drwl])
+
+* [#712](https://github.com/httprb/http/pull/712)
+  Recognize cookies set by redirect.
+  ([@tkellogg])
+
+* [#707](https://github.com/httprb/http/pull/707)
+  Distinguish connection timeouts.
+  ([@YuLeven])
+
 ## 5.0.4 (2021-10-07)
 
 * [#698](https://github.com/httprb/http/pull/698)
@@ -42,7 +68,7 @@
 
 * [#638](https://github.com/httprb/http/pull/638)
   DNS failover handling.
-  ([@midnight-wonderer])  
+  ([@midnight-wonderer])
 
 
 ## 5.0.1 (2021-06-26)
@@ -112,6 +138,7 @@
 
 * [#576](https://github.com/httprb/http/pull/576)
   [#524](https://github.com/httprb/http/issues/524)
+  **BREAKING CHANGE**
   Preserve header names casing.
   ([@joshuaflanagan])
 
@@ -968,3 +995,8 @@ end
 [@matheussilvasantos]: https://github.com/matheussilvasantos
 [@PhilCoggins]: https://github.com/PhilCoggins
 [@flosacca]: https://github.com/flosacca
+[@YuLeven]: https://github.com/YuLeven
+[@drwl]: https://github.com/drwl
+[@tkellogg]: https://github.com/tkellogg
+[@jeraki]: https://github.com/jeraki
+[@benubois]: https://github.com/benubois

data/Gemfile

@@ -27,7 +27,7 @@ group :test do
 
   gem "backports"
 
-  gem "rubocop", "~> 1.21"
+  gem "rubocop", "~> 1.30.0"
   gem "rubocop-performance"
   gem "rubocop-rake"
   gem "rubocop-rspec"

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2011-2021 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker
+Copyright (c) 2011-2022 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -113,7 +113,8 @@ the following Ruby  versions:
 - Ruby 2.6
 - Ruby 2.7
 - Ruby 3.0
-- JRuby 9.2
+- Ruby 3.1
+- JRuby 9.3
 
 If something doesn't work on one of these versions, it's a bug.
 
@@ -141,7 +142,7 @@ dropped.
 
 ## Copyright
 
-Copyright © 2011-2021 Tony Arcieri, Alexey V. Zapparov, Erik Michaels-Ober, Zachary Anker.
+Copyright © 2011-2022 Tony Arcieri, Alexey V. Zapparov, Erik Michaels-Ober, Zachary Anker.
 See LICENSE.txt for further details.
 
 

data/SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `bascule@gmail.com`

data/http.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = HTTP::VERSION
 
-  gem.required_ruby_version = ">= 2.5"
+  gem.required_ruby_version = ">= 2.6"
 
   gem.add_runtime_dependency "addressable",    "~> 2.8"
   gem.add_runtime_dependency "http-cookie",    "~> 1.0"
@@ -35,9 +35,10 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "bundler", "~> 2.0"
 
   gem.metadata = {
-    "source_code_uri" => "https://github.com/httprb/http",
-    "wiki_uri"        => "https://github.com/httprb/http/wiki",
-    "bug_tracker_uri" => "https://github.com/httprb/http/issues",
-    "changelog_uri"   => "https://github.com/httprb/http/blob/v#{HTTP::VERSION}/CHANGES.md"
+    "source_code_uri"       => "https://github.com/httprb/http",
+    "wiki_uri"              => "https://github.com/httprb/http/wiki",
+    "bug_tracker_uri"       => "https://github.com/httprb/http/issues",
+    "changelog_uri"         => "https://github.com/httprb/http/blob/v#{HTTP::VERSION}/CHANGES.md",
+    "rubygems_mfa_required" => "true"
   }
 end

data/lib/http/errors.rb

@@ -19,6 +19,9 @@ module HTTP
   # Generic Timeout error
   class TimeoutError < Error; end
 
+  # Timeout when first establishing the conncetion
+  class ConnectTimeoutError < TimeoutError; end
+
   # Header value is of unexpected format (similar to Net::HTTPHeaderSyntaxError)
   class HeaderError < Error; end
 end

data/lib/http/headers.rb

@@ -111,7 +111,7 @@ module HTTP
     #
     # @return [Hash]
     def to_h
-      keys.map { |k| [k, self[k]] }.to_h
+      keys.to_h { |k| [k, self[k]] }
     end
     alias to_hash to_h
 

data/lib/http/redirector.rb

@@ -40,8 +40,9 @@ module HTTP
     # @option opts [Boolean] :strict (true) redirector hops policy
     # @option opts [#to_i] :max_hops (5) maximum allowed amount of hops
     def initialize(opts = {})
-      @strict   = opts.fetch(:strict, true)
-      @max_hops = opts.fetch(:max_hops, 5).to_i
+      @strict      = opts.fetch(:strict, true)
+      @max_hops    = opts.fetch(:max_hops, 5).to_i
+      @on_redirect = opts.fetch(:on_redirect, nil)
     end
 
     # Follows redirects until non-redirect response found
@@ -49,6 +50,8 @@ module HTTP
       @request  = request
       @response = response
       @visited  = []
+      collect_cookies_from_request
+      collect_cookies_from_response
 
       while REDIRECT_CODES.include? @response.status.code
         @visited << "#{@request.verb} #{@request.uri}"
@@ -59,8 +62,13 @@ module HTTP
         @response.flush
 
         # XXX(ixti): using `Array#inject` to return `nil` if no Location header.
-        @request  = redirect_to(@response.headers.get(Headers::LOCATION).inject(:+))
+        @request = redirect_to(@response.headers.get(Headers::LOCATION).inject(:+))
+        unless cookie_jar.empty?
+          @request.headers.set(Headers::COOKIE, cookie_jar.cookies.map { |c| "#{c.name}=#{c.value}" }.join("; "))
+        end
+        @on_redirect.call @response, @request if @on_redirect.respond_to?(:call)
         @response = yield @request
+        collect_cookies_from_response
       end
 
       @response
@@ -68,6 +76,48 @@ module HTTP
 
     private
 
+    # All known cookies. On the original request, this is only the original cookies, but after that,
+    # Set-Cookie headers can add, set or delete cookies.
+    def cookie_jar
+      # it seems that @response.cookies instance is reused between responses, so we have to "clone"
+      @cookie_jar ||= HTTP::CookieJar.new
+    end
+
+    def collect_cookies_from_request
+      request_cookie_header = @request.headers["Cookie"]
+      cookies =
+        if request_cookie_header
+          HTTP::Cookie.cookie_value_to_hash(request_cookie_header)
+        else
+          {}
+        end
+
+      cookies.each do |key, value|
+        cookie_jar.add(HTTP::Cookie.new(key, value, :path => @request.uri.path, :domain => @request.host))
+      end
+    end
+
+    # Carry cookies from one response to the next. Carrying cookies to the next response ends up
+    # carrying them to the next request as well.
+    #
+    # Note that this isn't part of the IETF standard, but all major browsers support setting cookies
+    # on redirect: https://blog.dubbelboer.com/2012/11/25/302-cookie.html
+    def collect_cookies_from_response
+      # Overwrite previous cookies
+      @response.cookies.each do |cookie|
+        if cookie.value == ""
+          cookie_jar.delete(cookie)
+        else
+          cookie_jar.add(cookie)
+        end
+      end
+
+      # I wish we could just do @response.cookes = cookie_jar
+      cookie_jar.each do |cookie|
+        @response.cookies.add(cookie)
+      end
+    end
+
     # Check if we reached max amount of redirect hops
     # @return [Boolean]
     def too_many_hops?

data/lib/http/response/status.rb

@@ -69,7 +69,7 @@ module HTTP
       #   SYMBOL_CODES[:im_a_teapot]           # => 418
       #
       # @return [Hash<Symbol => Fixnum>]
-      SYMBOL_CODES = SYMBOLS.map { |k, v| [v, k] }.to_h.freeze
+      SYMBOL_CODES = SYMBOLS.to_h { |k, v| [v, k] }.freeze
 
       # @return [Fixnum] status code
       attr_reader :code

data/lib/http/response.rb

@@ -53,7 +53,7 @@ module HTTP
         @body = opts.fetch(:body)
       else
         connection = opts.fetch(:connection)
-        encoding   = opts[:encoding] || charset || Encoding::BINARY
+        encoding = opts[:encoding] || charset || default_encoding
 
         @body = Response::Body.new(connection, :encoding => encoding)
       end
@@ -168,6 +168,12 @@ module HTTP
 
     private
 
+    def default_encoding
+      return Encoding::UTF_8 if mime_type == "application/json"
+
+      Encoding::BINARY
+    end
+
     # Initialize an HTTP::Request from options.
     #
     # @return [HTTP::Request]

data/lib/http/timeout/global.rb

@@ -21,7 +21,7 @@ module HTTP
 
       def connect(socket_class, host, port, nodelay = false)
         reset_timer
-        ::Timeout.timeout(@time_left, TimeoutError) do
+        ::Timeout.timeout(@time_left, ConnectTimeoutError) do
           @socket = socket_class.open(host, port)
           @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
         end

data/lib/http/timeout/per_operation.rb

@@ -20,7 +20,7 @@ module HTTP
       end
 
       def connect(socket_class, host, port, nodelay = false)
-        ::Timeout.timeout(@connect_timeout, TimeoutError) do
+        ::Timeout.timeout(@connect_timeout, ConnectTimeoutError) do
           @socket = socket_class.open(host, port)
           @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
         end

data/lib/http/uri.rb

@@ -9,7 +9,6 @@ module HTTP
     def_delegators :@uri, :scheme, :normalized_scheme, :scheme=
     def_delegators :@uri, :user, :normalized_user, :user=
     def_delegators :@uri, :password, :normalized_password, :password=
-    def_delegators :@uri, :host, :normalized_host, :host=
     def_delegators :@uri, :authority, :normalized_authority, :authority=
     def_delegators :@uri, :origin, :origin=
     def_delegators :@uri, :normalized_port, :port=
@@ -20,6 +19,18 @@ module HTTP
     def_delegators :@uri, :fragment, :normalized_fragment, :fragment=
     def_delegators :@uri, :omit, :join, :normalize
 
+    # Host, either a domain name or IP address. If the host is an IPv6 address, it will be returned
+    # without brackets surrounding it.
+    #
+    # @return [String] The host of the URI
+    attr_reader :host
+
+    # Normalized host, either a domain name or IP address. If the host is an IPv6 address, it will
+    # be returned without brackets surrounding it.
+    #
+    # @return [String] The normalized host of the URI
+    attr_reader :normalized_host
+
     # @private
     HTTP_SCHEME = "http"
 
@@ -83,6 +94,9 @@ module HTTP
       else
         raise TypeError, "expected Hash for options, got #{options_or_uri.class}"
       end
+
+      @host = process_ipv6_brackets(@uri.host)
+      @normalized_host = process_ipv6_brackets(@uri.normalized_host)
     end
 
     # Are these URI objects equal? Normalizes both URIs prior to comparison
@@ -110,6 +124,17 @@ module HTTP
       @hash ||= to_s.hash * -1
     end
 
+    # Sets the host component for the URI.
+    #
+    # @param [String, #to_str] new_host The new host component.
+    # @return [void]
+    def host=(new_host)
+      @uri.host = process_ipv6_brackets(new_host, :brackets => true)
+
+      @host = process_ipv6_brackets(@uri.host)
+      @normalized_host = process_ipv6_brackets(@uri.normalized_host)
+    end
+
     # Port number, either as specified or the default if unspecified
     #
     # @return [Integer] port number
@@ -146,5 +171,25 @@ module HTTP
     def inspect
       format("#<%s:0x%014x URI:%s>", self.class.name, object_id << 1, to_s)
     end
+
+    private
+
+    # Process a URI host, adding or removing surrounding brackets if the host is an IPv6 address.
+    #
+    # @param [Boolean] brackets When true, brackets will be added to IPv6 addresses if missing. When
+    #   false, they will be removed if present.
+    #
+    # @return [String] Host with IPv6 address brackets added or removed
+    def process_ipv6_brackets(raw_host, brackets: false)
+      ip = IPAddr.new(raw_host)
+
+      if ip.ipv6?
+        brackets ? "[#{ip}]" : ip.to_s
+      else
+        raw_host
+      end
+    rescue IPAddr::Error
+      raw_host
+    end
   end
 end

data/lib/http/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTP
-  VERSION = "5.0.4"
+  VERSION = "5.1.1"
 end

data/spec/lib/http/client_spec.rb

@@ -1,10 +1,12 @@
 # coding: utf-8
 # frozen_string_literal: true
 
+require "cgi"
+require "logger"
+
 require "support/http_handling_shared"
 require "support/dummy_server"
 require "support/ssl_helper"
-require "logger"
 
 RSpec.describe HTTP::Client do
   run_server(:dummy) { DummyServer.new }
@@ -389,8 +391,8 @@ RSpec.describe HTTP::Client do
           client.use(:test_feature => feature_instance).
             timeout(0.001).
             request(:post, sleep_url)
-        end.to raise_error(HTTP::TimeoutError)
-        expect(feature_instance.captured_error).to be_a(HTTP::TimeoutError)
+        end.to raise_error(HTTP::ConnectTimeoutError)
+        expect(feature_instance.captured_error).to be_a(HTTP::ConnectTimeoutError)
       end
     end
   end

data/spec/lib/http/redirector_spec.rb

@@ -11,8 +11,12 @@ RSpec.describe HTTP::Redirector do
     )
   end
 
-  def redirect_response(status, location)
-    simple_response status, "", "Location" => location
+  def redirect_response(status, location, set_cookie = {})
+    res = simple_response status, "", "Location" => location
+    set_cookie.each do |name, value|
+      res.headers.add("Set-Cookie", "#{name}=#{value}; path=/; httponly; secure; SameSite=none; Secure")
+    end
+    res
   end
 
   describe "#strict" do
@@ -89,6 +93,87 @@ RSpec.describe HTTP::Redirector do
       expect(res.to_s).to eq "http://example.com/123"
     end
 
+    it "returns cookies in response" do
+      req  = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+      hops = [
+        redirect_response(301, "http://example.com/1", {"foo" => "42"}),
+        redirect_response(301, "http://example.com/2", {"bar" => "53", "deleted" => "foo"}),
+        redirect_response(301, "http://example.com/3", {"baz" => "64", "deleted" => ""}),
+        redirect_response(301, "http://example.com/4", {"baz" => "65"}),
+        simple_response(200, "bar")
+      ]
+
+      request_cookies = [
+        {"foo" => "42"},
+        {"foo" => "42", "bar" => "53", "deleted" => "foo"},
+        {"foo" => "42", "bar" => "53", "baz" => "64"},
+        {"foo" => "42", "bar" => "53", "baz" => "65"}
+      ]
+
+      res = redirector.perform(req, hops.shift) do |request|
+        req_cookie = HTTP::Cookie.cookie_value_to_hash(request.headers["Cookie"] || "")
+        expect(req_cookie).to eq request_cookies.shift
+        hops.shift
+      end
+      expect(res.to_s).to eq "bar"
+      cookies = res.cookies.cookies.to_h { |c| [c.name, c.value] }
+      expect(cookies["foo"]).to eq "42"
+      expect(cookies["bar"]).to eq "53"
+      expect(cookies["baz"]).to eq "65"
+      expect(cookies["deleted"]).to eq nil
+    end
+
+    it "returns original cookies in response" do
+      req = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+      req.headers.set("Cookie", "foo=42; deleted=baz")
+      hops = [
+        redirect_response(301, "http://example.com/1", {"bar" => "64", "deleted" => ""}),
+        simple_response(200, "bar")
+      ]
+
+      request_cookies = [
+        {"foo" => "42", "bar" => "64"},
+        {"foo" => "42", "bar" => "64"}
+      ]
+
+      res = redirector.perform(req, hops.shift) do |request|
+        req_cookie = HTTP::Cookie.cookie_value_to_hash(request.headers["Cookie"] || "")
+        expect(req_cookie).to eq request_cookies.shift
+        hops.shift
+      end
+      expect(res.to_s).to eq "bar"
+      cookies = res.cookies.cookies.to_h { |c| [c.name, c.value] }
+      expect(cookies["foo"]).to eq "42"
+      expect(cookies["bar"]).to eq "64"
+      expect(cookies["deleted"]).to eq nil
+    end
+
+    context "with on_redirect callback" do
+      let(:options) do
+        {
+          :on_redirect => proc do |response, location|
+            @redirect_response = response
+            @redirect_location = location
+          end
+        }
+      end
+
+      it "calls on_redirect" do
+        req = HTTP::Request.new :verb => :head, :uri => "http://example.com"
+        hops = [
+          redirect_response(301, "http://example.com/1"),
+          redirect_response(301, "http://example.com/2"),
+          simple_response(200, "foo")
+        ]
+
+        redirector.perform(req, hops.shift) do |prev_req, _|
+          expect(@redirect_location.uri.to_s).to eq prev_req.uri.to_s
+          expect(@redirect_response.code).to eq 301
+          hops.shift
+        end
+      end
+    end
+
     context "following 300 redirect" do
       context "with strict mode" do
         let(:options) { {:strict => true} }
@@ -400,7 +485,7 @@ RSpec.describe HTTP::Redirector do
     describe "changing verbs during redirects" do
       let(:options) { {:strict => false} }
       let(:post_body) { HTTP::Request::Body.new("i might be way longer in real life") }
-      let(:cookie) { "dont eat my cookies" }
+      let(:cookie) { "dont=eat my cookies" }
 
       def a_dangerous_request(verb)
         HTTP::Request.new(

data/spec/lib/http/response/body_spec.rb

@@ -59,7 +59,7 @@ RSpec.describe HTTP::Response::Body do
     let(:chunks) do
       body = Zlib::Deflate.deflate("Hi, HTTP here ☺")
       len  = body.length
-      [body[0, len / 2], body[(len / 2)..-1]]
+      [body[0, len / 2], body[(len / 2)..]]
     end
     subject(:body) do
       inflater = HTTP::Response::Inflater.new(connection)

data/spec/lib/http/response_spec.rb

@@ -223,4 +223,40 @@ RSpec.describe HTTP::Response do
       end
     end
   end
+
+  describe "#body" do
+    let(:connection) { double(:sequence_id => 0) }
+    let(:chunks)     { ["Hello, ", "World!"] }
+
+    subject(:response) do
+      HTTP::Response.new(
+        :status     => 200,
+        :version    => "1.1",
+        :headers    => headers,
+        :request    => request,
+        :connection => connection
+      )
+    end
+
+    before do
+      allow(connection).to receive(:readpartial) { chunks.shift }
+      allow(connection).to receive(:body_completed?) { chunks.empty? }
+    end
+
+    context "with no Content-Type" do
+      let(:headers) { {} }
+
+      it "returns a body with default binary encoding" do
+        expect(response.body.to_s.encoding).to eq Encoding::BINARY
+      end
+    end
+
+    context "with Content-Type: application/json" do
+      let(:headers) { {"Content-Type" => "application/json"} }
+
+      it "returns a body with a default UTF_8 encoding" do
+        expect(response.body.to_s.encoding).to eq Encoding::UTF_8
+      end
+    end
+  end
 end

data/spec/lib/http/uri_spec.rb

@@ -1,11 +1,15 @@
 # frozen_string_literal: true
 
 RSpec.describe HTTP::URI do
+  let(:example_ipv6_address) { "2606:2800:220:1:248:1893:25c8:1946" }
+
   let(:example_http_uri_string)  { "http://example.com" }
   let(:example_https_uri_string) { "https://example.com" }
+  let(:example_ipv6_uri_string) { "https://[#{example_ipv6_address}]" }
 
   subject(:http_uri)  { described_class.parse(example_http_uri_string) }
   subject(:https_uri) { described_class.parse(example_https_uri_string) }
+  subject(:ipv6_uri) { described_class.parse(example_ipv6_uri_string) }
 
   it "knows URI schemes" do
     expect(http_uri.scheme).to eq "http"
@@ -20,6 +24,41 @@ RSpec.describe HTTP::URI do
     expect(https_uri.port).to eq 443
   end
 
+  describe "#host" do
+    it "strips brackets from IPv6 addresses" do
+      expect(ipv6_uri.host).to eq("2606:2800:220:1:248:1893:25c8:1946")
+    end
+  end
+
+  describe "#normalized_host" do
+    it "strips brackets from IPv6 addresses" do
+      expect(ipv6_uri.normalized_host).to eq("2606:2800:220:1:248:1893:25c8:1946")
+    end
+  end
+
+  describe "#host=" do
+    it "updates cached values for #host and #normalized_host" do
+      expect(http_uri.host).to eq("example.com")
+      expect(http_uri.normalized_host).to eq("example.com")
+
+      http_uri.host = "[#{example_ipv6_address}]"
+
+      expect(http_uri.host).to eq(example_ipv6_address)
+      expect(http_uri.normalized_host).to eq(example_ipv6_address)
+    end
+
+    it "ensures IPv6 addresses are bracketed in the inner Addressable::URI" do
+      expect(http_uri.host).to eq("example.com")
+      expect(http_uri.normalized_host).to eq("example.com")
+
+      http_uri.host = example_ipv6_address
+
+      expect(http_uri.host).to eq(example_ipv6_address)
+      expect(http_uri.normalized_host).to eq(example_ipv6_address)
+      expect(http_uri.instance_variable_get(:@uri).host).to eq("[#{example_ipv6_address}]")
+    end
+  end
+
   describe "#dup" do
     it "doesn't share internal value between duplicates" do
       duplicated_uri = http_uri.dup

data/spec/support/dummy_server/servlet.rb

@@ -1,6 +1,8 @@
 # encoding: UTF-8
 # frozen_string_literal: true
 
+require "cgi"
+
 class DummyServer < WEBrick::HTTPServer
   class Servlet < WEBrick::HTTPServlet::AbstractServlet # rubocop:disable Metrics/ClassLength
     def self.sockets

data/spec/support/http_handling_shared.rb

@@ -77,7 +77,7 @@ RSpec.shared_context "HTTP handling" do
         sleep 1.25
       end
 
-      expect { response }.to raise_error(HTTP::TimeoutError, /execution/)
+      expect { response }.to raise_error(HTTP::ConnectTimeoutError, /execution/)
     end
 
     it "errors if reading takes too long" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http
 version: !ruby/object:Gem::Version
-  version: 5.0.4
+  version: 5.1.1
 platform: ruby
 authors:
 - Tony Arcieri
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-07 00:00:00.000000000 Z
+date: 2022-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -106,6 +106,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - http.gemspec
 - lib/http.rb
 - lib/http/chainable.rb
@@ -191,7 +192,8 @@ metadata:
   source_code_uri: https://github.com/httprb/http
   wiki_uri: https://github.com/httprb/http/wiki
   bug_tracker_uri: https://github.com/httprb/http/issues
-  changelog_uri: https://github.com/httprb/http/blob/v5.0.4/CHANGES.md
+  changelog_uri: https://github.com/httprb/http/blob/v5.1.1/CHANGES.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -200,7 +202,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="