TrueCloudLab/neoneo-go
7
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2389 from nspcc-dev/oracle/auto-redirect

Browse source 
services: forbid https -> http Oracle request auto-redirect
This commit is contained in:
Roman Khimov 2022-05-11 13:42:29 +03:00 committed by GitHub
commit f3802c3477
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/services/oracle/network.go
View file

@ -90,6 +90,10 @@ func getDefaultClient(cfg config.OracleConfiguration) *http.Client {
if len(via) > maxRedirections { // from https://github.com/neo-project/neo-modules/pull/698
return fmt.Errorf("%w: %d redirections are reached", ErrRestrictedRedirect, maxRedirections)
}
if len(via) > 0 && via[0].URL.Scheme == "https" && req.URL.Scheme != "https" {
lastHop := via[len(via)-1].URL
return fmt.Errorf("%w: redirected from secure URL %s to insecure URL %s", ErrRestrictedRedirect, lastHop, req.URL)
}
return nil
}
return &client