AngleSharp has its own browsing context manipulation capabilities which disable redirections by default for example, but you can even enable them again with a custom Setup method. I thought this was used when requesting imported style sheets, but it has no effect. Reading the code, I take AngleSharp.Css uses other methods that do not involve the browsing context stored in the CssParser when using ParseStyleSheetAsync.
The code I use is something like this (actual complete code is here):
ICssStyleSheet styleSheet = parser.ParseStyleSheet("SOME CSS WITH IMPORT RULE");
using (Task<IDocument> documentTask = styleSheet.Context.OpenAsync(req => req.Content(styleSheet.ToCss())))
{
documentTask.Wait();
IDocument document = documentTask.Result;
styleSheet.SetOwner(document.DocumentElement);
}
using (Task<ICssStyleSheet> styleSheetTask = parser.ParseStyleSheetAsync(styleSheet, CancellationToken.None))
{
styleSheetTask.Wait();
styleSheet = styleSheetTask.Result;
}
// PROCESS styleSheet...
The associated Context is defined in the parser like this:
As per current AngleSharp Default configuration I would not need to set AllowAutoRedirect to false, from what I understand. Anyway, when running ParseStyleSheetAsync, the imports are resolved, the SetupHttpRequest auxiliary method is executed for each request, but if the URL results in a redirection, it is followed. I've set a Python HTTP server with redirects to emulate this.
What I propose is to add the capability of configuring the HTTP request behavior so anyone could set the request timeout, disabling redirects, etc. Which is what I was expecting when defining a browsing context.
Background
I came to this scenario because of situations when the component just issues HTTP requests to a controlled URL which makes the client redirect to an arbitrary different URL. That would categorize as an SSRF vulnerability. Even though it is not the responsibility of AngleSharp.Css to eliminate this scenario, it can help prevent it. In my case, controlling the timeouts is also a need.
If I'm misusing the library, then with an example of code on how to address this need will be sufficient. and this feature request can be discarded.
Specification
Sorry I did not understand if this applies to my request.
New Feature Proposal
Description
AngleSharp has its own browsing context manipulation capabilities which disable redirections by default for example, but you can even enable them again with a custom
Setup
method. I thought this was used when requesting imported style sheets, but it has no effect. Reading the code, I take AngleSharp.Css uses other methods that do not involve the browsing context stored in the CssParser when usingParseStyleSheetAsync
.The code I use is something like this (actual complete code is here):
The associated Context is defined in the parser like this:
As per current AngleSharp Default configuration I would not need to set
AllowAutoRedirect
tofalse
, from what I understand. Anyway, when runningParseStyleSheetAsync
, the imports are resolved, theSetupHttpRequest
auxiliary method is executed for each request, but if the URL results in a redirection, it is followed. I've set a Python HTTP server with redirects to emulate this.What I propose is to add the capability of configuring the HTTP request behavior so anyone could set the request timeout, disabling redirects, etc. Which is what I was expecting when defining a browsing context.
Background
I came to this scenario because of situations when the component just issues HTTP requests to a controlled URL which makes the client redirect to an arbitrary different URL. That would categorize as an SSRF vulnerability. Even though it is not the responsibility of AngleSharp.Css to eliminate this scenario, it can help prevent it. In my case, controlling the timeouts is also a need.
If I'm misusing the library, then with an example of code on how to address this need will be sufficient. and this feature request can be discarded.
Specification
Sorry I did not understand if this applies to my request.