RubyGems - http - Versions diffs - 5.0.0 → 5.0.1 - Mend

http 5.0.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGES.md +25 -0
data/LICENSE.txt +1 -1
data/http.gemspec +1 -1
data/lib/http/request.rb +15 -1
data/lib/http/response.rb +2 -2
data/lib/http/version.rb +1 -1
data/spec/lib/http/redirector_spec.rb +44 -0
data/spec/lib/http/response_spec.rb +20 -7
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc5c5ebaa25630442cf182d6cc9925d112dccbfeb4030f07951cfaad72f35bde
-  data.tar.gz: bdb8d0148f8fd0cdb3634ab743db153a998bfa8f8be28295bb8d95bae5833d68
+  metadata.gz: afbab6dd50416f2205ca49ae54217bff2f35e3fcf7738a8a5288644e801b4d42
+  data.tar.gz: f4d7ee837eaeda6cd50ad6cd58dd1b7c125516a98e821d5e176a8591b2f6baff
 SHA512:
-  metadata.gz: d74104f964a90c0d0689df9f5af8082fcd5d4902dfa46bf9bdc22ed1a2a86d48211c29fd42b20c037afee958f89ef1f5e7d442285083f169852ccf31bd522818
-  data.tar.gz: 6bac3882bc504513b6a05eb7facf5823b4f46ea55a737933b75305a336b23a97a21914f77378f8a67d7ab262a3b16ec46c592f224036491254f1bb0363e3d294
+  metadata.gz: 94e587b821c4839152e67d31b704cc9a20ceae5e2bb168893786aeaea32edeee80967678b348f9b2051552ebe3a6e018e1b15ca67c3231bcd51553e78486cd8f
+  data.tar.gz: 1f0dc3544496196b8c1193509b0b3a7bf7152178488ebf071b692288caf44bc59e5edfe382f918b9f6cc4de1dfc43fdf2334ea16ce67787ef3a0ed03b1b5eb52

data/CHANGES.md CHANGED Viewed

@@ -1,3 +1,17 @@
+## 5.0.1 (2021-06-26)
+* [#670](https://github.com/httprb/http/pull/670)
+  Revert `Response#parse` behavior introduced in #540.
+  ([@DannyBen])
+* [#669](https://github.com/httprb/http/pull/669)
+  Prevent bodies from being resubmitted when following unsafe redirects.
+  ([@odinhb])
+* [#664](https://github.com/httprb/http/pull/664)
+  Bump llhttp-ffi to 0.3.0.
+  ([@bryanp])
 ## 5.0.0 (2021-05-12)
 * [#656](https://github.com/httprb/http/pull/656)
@@ -53,6 +67,12 @@
   Preserve header names casing.
   ([@joshuaflanagan])
+* [#540](https://github.com/httprb/http/pull/540)
+  [#538](https://github.com/httprb/http/issues/538)
+  **BREAKING CHANGE**
+  Require explicit MIME type for Response#parse
+  ([@ixti])
 * [#532](https://github.com/httprb/http/pull/532)
   Fix pipes support in request bodies.
   ([@ixti])
@@ -79,6 +99,9 @@
   Drop Ruby 2.3.x support.
   ([@ixti])
+* [3ed0c31](https://github.com/httprb/http/commit/3ed0c318eab6a8c390654cda17bf6df9e963c7d6)
+  Drop Ruby 2.4.x support.
 ## 4.4.0 (2020-03-25)
@@ -887,3 +910,5 @@ end
 [@semenyukdmitry]: https://github.com/semenyukdmitry
 [@bryanp]: https://github.com/bryanp
 [@meanphil]: https://github.com/meanphil
+[@odinhb]: https://github.com/odinhb
+[@DannyBen]: https://github.com/DannyBen

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2011-2016 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker
+Copyright (c) 2011-2021 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/http.gemspec CHANGED Viewed

@@ -30,7 +30,7 @@ Gem::Specification.new do |gem|
   gem.add_runtime_dependency "addressable",    "~> 2.3"
   gem.add_runtime_dependency "http-cookie",    "~> 1.0"
   gem.add_runtime_dependency "http-form_data", "~> 2.2"
-  gem.add_runtime_dependency "llhttp-ffi",     "~> 0.0.1"
+  gem.add_runtime_dependency "llhttp-ffi",     "~> 0.3.0"
   gem.add_development_dependency "bundler", "~> 2.0"

data/lib/http/request.rb CHANGED Viewed

@@ -104,12 +104,26 @@ module HTTP
       headers = self.headers.dup
       headers.delete(Headers::HOST)
+      new_body = body.source
+      if verb == :get
+        # request bodies should not always be resubmitted when following a redirect
+        # some servers will close the connection after receiving the request headers
+        # which may cause Errno::ECONNRESET: Connection reset by peer
+        # see https://github.com/httprb/http/issues/649
+        # new_body = Request::Body.new(nil)
+        new_body = nil
+        # the CONTENT_TYPE header causes problems if set on a get request w/ an empty body
+        # the server might assume that there should be content if it is set to multipart
+        # rack raises EmptyContentError if this happens
+        headers.delete(Headers::CONTENT_TYPE)
+      end
       self.class.new(
         :verb           => verb,
         :uri            => @uri.join(uri),
         :headers        => headers,
         :proxy          => proxy,
-        :body           => body.source,
+        :body           => new_body,
         :version        => version,
         :uri_normalizer => uri_normalizer
       )

data/lib/http/response.rb CHANGED Viewed

@@ -156,8 +156,8 @@ module HTTP
     # @param type [#to_s] Parse as given MIME type.
     # @raise (see MimeType.[])
     # @return [Object]
-    def parse(type)
-      MimeType[type].decode to_s
+    def parse(type = nil)
+      MimeType[type || mime_type].decode to_s
     end
     # Inspect a response

data/lib/http/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module HTTP
-  VERSION = "5.0.0"
+  VERSION = "5.0.1"
 end

data/spec/lib/http/redirector_spec.rb CHANGED Viewed

@@ -396,5 +396,49 @@ RSpec.describe HTTP::Redirector do
         end
       end
     end
+    describe "changing verbs during redirects" do
+      let(:options) { {:strict => false} }
+      let(:post_body) { HTTP::Request::Body.new("i might be way longer in real life") }
+      let(:cookie) { "dont eat my cookies" }
+      def a_dangerous_request(verb)
+        HTTP::Request.new(
+          :verb => verb, :uri => "http://example.com",
+          :body => post_body, :headers => {
+            "Content-Type" => "meme",
+            "Cookie"       => cookie
+          }
+        )
+      end
+      def empty_body
+        HTTP::Request::Body.new(nil)
+      end
+      it "follows without body/content type if it has to change verb" do
+        req = a_dangerous_request(:post)
+        res = redirect_response 302, "http://example.com/1"
+        redirector.perform(req, res) do |prev_req, _|
+          expect(prev_req.body).to eq(empty_body)
+          expect(prev_req.headers["Cookie"]).to eq(cookie)
+          expect(prev_req.headers["Content-Type"]).to eq(nil)
+          simple_response 200
+        end
+      end
+      it "leaves body/content-type intact if it does not have to change verb" do
+        req = a_dangerous_request(:post)
+        res = redirect_response 307, "http://example.com/1"
+        redirector.perform(req, res) do |prev_req, _|
+          expect(prev_req.body).to eq(post_body)
+          expect(prev_req.headers["Cookie"]).to eq(cookie)
+          expect(prev_req.headers["Content-Type"]).to eq("meme")
+          simple_response 200
+        end
+      end
+    end
   end
 end

data/spec/lib/http/response_spec.rb CHANGED Viewed

@@ -87,19 +87,32 @@ RSpec.describe HTTP::Response do
   end
   describe "#parse" do
-    let(:headers)   { {"Content-Type" => "application/json"} }
+    let(:headers)   { {"Content-Type" => content_type} }
     let(:body)      { '{"foo":"bar"}' }
-    it "fails if MIME type decoder is not found" do
-      expect { response.parse "text/html" }.to raise_error(HTTP::Error)
+    context "with known content type" do
+      let(:content_type) { "application/json" }
+      it "returns parsed body" do
+        expect(response.parse).to eq "foo" => "bar"
+      end
     end
-    it "uses decoder found by given MIME type" do
-      expect(response.parse("application/json")).to eq("foo" => "bar")
+    context "with unknown content type" do
+      let(:content_type) { "application/deadbeef" }
+      it "raises HTTP::Error" do
+        expect { response.parse }.to raise_error HTTP::Error
+      end
     end
-    it "uses decoder found by given MIME type alias" do
-      expect(response.parse(:json)).to eq("foo" => "bar")
+    context "with explicitly given mime type" do
+      let(:content_type) { "application/deadbeef" }
+      it "ignores mime_type of response" do
+        expect(response.parse("application/json")).to eq "foo" => "bar"
+      end
+      it "supports mime type aliases" do
+        expect(response.parse(:json)).to eq "foo" => "bar"
+      end
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.1
 platform: ruby
 authors:
 - Tony Arcieri
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-13 00:00:00.000000000 Z
+date: 2021-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -61,14 +61,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -191,7 +191,7 @@ metadata:
   source_code_uri: https://github.com/httprb/http
   wiki_uri: https://github.com/httprb/http/wiki
   bug_tracker_uri: https://github.com/httprb/http/issues
-  changelog_uri: https://github.com/httprb/http/blob/v5.0.0/CHANGES.md
+  changelog_uri: https://github.com/httprb/http/blob/v5.0.1/CHANGES.md
 post_install_message:
 rdoc_options: []
 require_paths: