[erlang-bugs] httpc relative redirect bug
Ondřej Adamovský
ondrej.adamovsky@REDACTED
Tue Aug 18 14:31:04 CEST 2015
Hi,
I have stumbled upon a bug in inets application. When a HTTP request
(tested using httpc:request/4 call with {relaxed,true} HTTP option)
returns redirect (e.g. status 302) with relative address in Location
header, it is mishandled. The relative address is simply appended to the
path of the base request, which is OK only if the base path is empty.
The right approach would be:
a) if the relative address starts with /, the base path should be replaced
by the relative one
b) otherwise, the relative path should be appended to base path with the
last segment of the base path removed
I understand the inets application was written according to RFC 2616,
which required the redirect location to be absolute address and the
relative redirect was only an optional expansion. Now, the RFC 2616 is
obsoleted by RFC 7231, which allows for the relative redirects
(https://tools.ietf.org/html/rfc7231#section-7.1.2) and the creation of
the resulting address is specified in RFC 3986
(https://tools.ietf.org/html/rfc3986#section-5.2).
Regards,
Ondřej Adamovský
More information about the erlang-bugs
mailing list