services: forbid insecure Oracle request redirects

Anna Shaleva 2022-05-11 07:23:29 +03:00
parent d1588115a2
commit d88ca102c6


@ -90,6 +90,10 @@ func getDefaultClient(cfg config.OracleConfiguration) *http.Client {
if len(via) > maxRedirections { // from https://github.com/neo-project/neo-modules/pull/698 if len(via) > maxRedirections { // from https://github.com/neo-project/neo-modules/pull/698
return fmt.Errorf("%w: %d redirections are reached", ErrRestrictedRedirect, maxRedirections) return fmt.Errorf("%w: %d redirections are reached", ErrRestrictedRedirect, maxRedirections)
} }
if len(via) > 0 && via[0].URL.Scheme == "https" && req.URL.Scheme != "https" {
lastHop := via[len(via)-1].URL
return fmt.Errorf("%w: redirected from secure URL %s to insecure URL %s", ErrRestrictedRedirect, lastHop, req.URL)
}
return nil return nil
} }
return &client return &client
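Review bot: The error built in the new `https` check formats `lastHop` and `req.URL` with `%s`, so the full URLs end up in the error text, including any userinfo and the query string chosen by the redirecting server. Where that error is logged or returned is outside this hunk. If the module's Go version allows it, `lastHop.Redacted()` and `req.URL.Redacted()` would at least mask an embedded password. The condition also deserves a one-line comment such as `// via[0] is the original request: once it was https, no later hop may leave https`, since requests that start on plain http appear to be left unrestricted by this check. The enclosing redirect callback and getDefaultClient start and end outside the hunk.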