http 5.0.0 → 5.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +25 -0
- data/LICENSE.txt +1 -1
- data/http.gemspec +1 -1
- data/lib/http/request.rb +15 -1
- data/lib/http/response.rb +2 -2
- data/lib/http/version.rb +1 -1
- data/spec/lib/http/redirector_spec.rb +44 -0
- data/spec/lib/http/response_spec.rb +20 -7
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: afbab6dd50416f2205ca49ae54217bff2f35e3fcf7738a8a5288644e801b4d42
|
|
4
|
+
data.tar.gz: f4d7ee837eaeda6cd50ad6cd58dd1b7c125516a98e821d5e176a8591b2f6baff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94e587b821c4839152e67d31b704cc9a20ceae5e2bb168893786aeaea32edeee80967678b348f9b2051552ebe3a6e018e1b15ca67c3231bcd51553e78486cd8f
|
|
7
|
+
data.tar.gz: 1f0dc3544496196b8c1193509b0b3a7bf7152178488ebf071b692288caf44bc59e5edfe382f918b9f6cc4de1dfc43fdf2334ea16ce67787ef3a0ed03b1b5eb52
|
data/CHANGES.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
## 5.0.1 (2021-06-26)
|
|
2
|
+
|
|
3
|
+
* [#670](https://github.com/httprb/http/pull/670)
|
|
4
|
+
Revert `Response#parse` behavior introduced in #540.
|
|
5
|
+
([@DannyBen])
|
|
6
|
+
|
|
7
|
+
* [#669](https://github.com/httprb/http/pull/669)
|
|
8
|
+
Prevent bodies from being resubmitted when following unsafe redirects.
|
|
9
|
+
([@odinhb])
|
|
10
|
+
|
|
11
|
+
* [#664](https://github.com/httprb/http/pull/664)
|
|
12
|
+
Bump llhttp-ffi to 0.3.0.
|
|
13
|
+
([@bryanp])
|
|
14
|
+
|
|
1
15
|
## 5.0.0 (2021-05-12)
|
|
2
16
|
|
|
3
17
|
* [#656](https://github.com/httprb/http/pull/656)
|
|
@@ -53,6 +67,12 @@
|
|
|
53
67
|
Preserve header names casing.
|
|
54
68
|
([@joshuaflanagan])
|
|
55
69
|
|
|
70
|
+
* [#540](https://github.com/httprb/http/pull/540)
|
|
71
|
+
[#538](https://github.com/httprb/http/issues/538)
|
|
72
|
+
**BREAKING CHANGE**
|
|
73
|
+
Require explicit MIME type for Response#parse
|
|
74
|
+
([@ixti])
|
|
75
|
+
|
|
56
76
|
* [#532](https://github.com/httprb/http/pull/532)
|
|
57
77
|
Fix pipes support in request bodies.
|
|
58
78
|
([@ixti])
|
|
@@ -79,6 +99,9 @@
|
|
|
79
99
|
Drop Ruby 2.3.x support.
|
|
80
100
|
([@ixti])
|
|
81
101
|
|
|
102
|
+
* [3ed0c31](https://github.com/httprb/http/commit/3ed0c318eab6a8c390654cda17bf6df9e963c7d6)
|
|
103
|
+
Drop Ruby 2.4.x support.
|
|
104
|
+
|
|
82
105
|
|
|
83
106
|
## 4.4.0 (2020-03-25)
|
|
84
107
|
|
|
@@ -887,3 +910,5 @@ end
|
|
|
887
910
|
[@semenyukdmitry]: https://github.com/semenyukdmitry
|
|
888
911
|
[@bryanp]: https://github.com/bryanp
|
|
889
912
|
[@meanphil]: https://github.com/meanphil
|
|
913
|
+
[@odinhb]: https://github.com/odinhb
|
|
914
|
+
[@DannyBen]: https://github.com/DannyBen
|
data/LICENSE.txt
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Copyright (c) 2011-
|
|
1
|
+
Copyright (c) 2011-2021 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker
|
|
2
2
|
|
|
3
3
|
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
4
|
a copy of this software and associated documentation files (the
|
data/http.gemspec
CHANGED
|
@@ -30,7 +30,7 @@ Gem::Specification.new do |gem|
|
|
|
30
30
|
gem.add_runtime_dependency "addressable", "~> 2.3"
|
|
31
31
|
gem.add_runtime_dependency "http-cookie", "~> 1.0"
|
|
32
32
|
gem.add_runtime_dependency "http-form_data", "~> 2.2"
|
|
33
|
-
gem.add_runtime_dependency "llhttp-ffi", "~> 0.0
|
|
33
|
+
gem.add_runtime_dependency "llhttp-ffi", "~> 0.3.0"
|
|
34
34
|
|
|
35
35
|
gem.add_development_dependency "bundler", "~> 2.0"
|
|
36
36
|
|
data/lib/http/request.rb
CHANGED
|
@@ -104,12 +104,26 @@ module HTTP
|
|
|
104
104
|
headers = self.headers.dup
|
|
105
105
|
headers.delete(Headers::HOST)
|
|
106
106
|
|
|
107
|
+
new_body = body.source
|
|
108
|
+
if verb == :get
|
|
109
|
+
# request bodies should not always be resubmitted when following a redirect
|
|
110
|
+
# some servers will close the connection after receiving the request headers
|
|
111
|
+
# which may cause Errno::ECONNRESET: Connection reset by peer
|
|
112
|
+
# see https://github.com/httprb/http/issues/649
|
|
113
|
+
# new_body = Request::Body.new(nil)
|
|
114
|
+
new_body = nil
|
|
115
|
+
# the CONTENT_TYPE header causes problems if set on a get request w/ an empty body
|
|
116
|
+
# the server might assume that there should be content if it is set to multipart
|
|
117
|
+
# rack raises EmptyContentError if this happens
|
|
118
|
+
headers.delete(Headers::CONTENT_TYPE)
|
|
119
|
+
end
|
|
120
|
+
|
|
107
121
|
self.class.new(
|
|
108
122
|
:verb => verb,
|
|
109
123
|
:uri => @uri.join(uri),
|
|
110
124
|
:headers => headers,
|
|
111
125
|
:proxy => proxy,
|
|
112
|
-
:body =>
|
|
126
|
+
:body => new_body,
|
|
113
127
|
:version => version,
|
|
114
128
|
:uri_normalizer => uri_normalizer
|
|
115
129
|
)
|
data/lib/http/response.rb
CHANGED
|
@@ -156,8 +156,8 @@ module HTTP
|
|
|
156
156
|
# @param type [#to_s] Parse as given MIME type.
|
|
157
157
|
# @raise (see MimeType.[])
|
|
158
158
|
# @return [Object]
|
|
159
|
-
def parse(type)
|
|
160
|
-
MimeType[type].decode to_s
|
|
159
|
+
def parse(type = nil)
|
|
160
|
+
MimeType[type || mime_type].decode to_s
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
# Inspect a response
|
data/lib/http/version.rb
CHANGED
|
@@ -396,5 +396,49 @@ RSpec.describe HTTP::Redirector do
|
|
|
396
396
|
end
|
|
397
397
|
end
|
|
398
398
|
end
|
|
399
|
+
|
|
400
|
+
describe "changing verbs during redirects" do
|
|
401
|
+
let(:options) { {:strict => false} }
|
|
402
|
+
let(:post_body) { HTTP::Request::Body.new("i might be way longer in real life") }
|
|
403
|
+
let(:cookie) { "dont eat my cookies" }
|
|
404
|
+
|
|
405
|
+
def a_dangerous_request(verb)
|
|
406
|
+
HTTP::Request.new(
|
|
407
|
+
:verb => verb, :uri => "http://example.com",
|
|
408
|
+
:body => post_body, :headers => {
|
|
409
|
+
"Content-Type" => "meme",
|
|
410
|
+
"Cookie" => cookie
|
|
411
|
+
}
|
|
412
|
+
)
|
|
413
|
+
end
|
|
414
|
+
|
|
415
|
+
def empty_body
|
|
416
|
+
HTTP::Request::Body.new(nil)
|
|
417
|
+
end
|
|
418
|
+
|
|
419
|
+
it "follows without body/content type if it has to change verb" do
|
|
420
|
+
req = a_dangerous_request(:post)
|
|
421
|
+
res = redirect_response 302, "http://example.com/1"
|
|
422
|
+
|
|
423
|
+
redirector.perform(req, res) do |prev_req, _|
|
|
424
|
+
expect(prev_req.body).to eq(empty_body)
|
|
425
|
+
expect(prev_req.headers["Cookie"]).to eq(cookie)
|
|
426
|
+
expect(prev_req.headers["Content-Type"]).to eq(nil)
|
|
427
|
+
simple_response 200
|
|
428
|
+
end
|
|
429
|
+
end
|
|
430
|
+
|
|
431
|
+
it "leaves body/content-type intact if it does not have to change verb" do
|
|
432
|
+
req = a_dangerous_request(:post)
|
|
433
|
+
res = redirect_response 307, "http://example.com/1"
|
|
434
|
+
|
|
435
|
+
redirector.perform(req, res) do |prev_req, _|
|
|
436
|
+
expect(prev_req.body).to eq(post_body)
|
|
437
|
+
expect(prev_req.headers["Cookie"]).to eq(cookie)
|
|
438
|
+
expect(prev_req.headers["Content-Type"]).to eq("meme")
|
|
439
|
+
simple_response 200
|
|
440
|
+
end
|
|
441
|
+
end
|
|
442
|
+
end
|
|
399
443
|
end
|
|
400
444
|
end
|
|
@@ -87,19 +87,32 @@ RSpec.describe HTTP::Response do
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
describe "#parse" do
|
|
90
|
-
let(:headers) { {"Content-Type" =>
|
|
90
|
+
let(:headers) { {"Content-Type" => content_type} }
|
|
91
91
|
let(:body) { '{"foo":"bar"}' }
|
|
92
92
|
|
|
93
|
-
|
|
94
|
-
|
|
93
|
+
context "with known content type" do
|
|
94
|
+
let(:content_type) { "application/json" }
|
|
95
|
+
it "returns parsed body" do
|
|
96
|
+
expect(response.parse).to eq "foo" => "bar"
|
|
97
|
+
end
|
|
95
98
|
end
|
|
96
99
|
|
|
97
|
-
|
|
98
|
-
|
|
100
|
+
context "with unknown content type" do
|
|
101
|
+
let(:content_type) { "application/deadbeef" }
|
|
102
|
+
it "raises HTTP::Error" do
|
|
103
|
+
expect { response.parse }.to raise_error HTTP::Error
|
|
104
|
+
end
|
|
99
105
|
end
|
|
100
106
|
|
|
101
|
-
|
|
102
|
-
|
|
107
|
+
context "with explicitly given mime type" do
|
|
108
|
+
let(:content_type) { "application/deadbeef" }
|
|
109
|
+
it "ignores mime_type of response" do
|
|
110
|
+
expect(response.parse("application/json")).to eq "foo" => "bar"
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it "supports mime type aliases" do
|
|
114
|
+
expect(response.parse(:json)).to eq "foo" => "bar"
|
|
115
|
+
end
|
|
103
116
|
end
|
|
104
117
|
end
|
|
105
118
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: http
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tony Arcieri
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2021-
|
|
14
|
+
date: 2021-06-26 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: addressable
|
|
@@ -61,14 +61,14 @@ dependencies:
|
|
|
61
61
|
requirements:
|
|
62
62
|
- - "~>"
|
|
63
63
|
- !ruby/object:Gem::Version
|
|
64
|
-
version: 0.0
|
|
64
|
+
version: 0.3.0
|
|
65
65
|
type: :runtime
|
|
66
66
|
prerelease: false
|
|
67
67
|
version_requirements: !ruby/object:Gem::Requirement
|
|
68
68
|
requirements:
|
|
69
69
|
- - "~>"
|
|
70
70
|
- !ruby/object:Gem::Version
|
|
71
|
-
version: 0.0
|
|
71
|
+
version: 0.3.0
|
|
72
72
|
- !ruby/object:Gem::Dependency
|
|
73
73
|
name: bundler
|
|
74
74
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -191,7 +191,7 @@ metadata:
|
|
|
191
191
|
source_code_uri: https://github.com/httprb/http
|
|
192
192
|
wiki_uri: https://github.com/httprb/http/wiki
|
|
193
193
|
bug_tracker_uri: https://github.com/httprb/http/issues
|
|
194
|
-
changelog_uri: https://github.com/httprb/http/blob/v5.0.
|
|
194
|
+
changelog_uri: https://github.com/httprb/http/blob/v5.0.1/CHANGES.md
|
|
195
195
|
post_install_message:
|
|
196
196
|
rdoc_options: []
|
|
197
197
|
require_paths:
|