Kong / insomnia

The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
https://insomnia.rest
Apache License 2.0

Redirection not honored properly #5335

Open thibaultmeyer opened 2 years ago

thibaultmeyer commented 2 years ago

Expected Behavior

Insomnia must switch from the POST/PUT method to GET when a 303 "See Other" redirection occurs (and the Following redirection option is enabled).

Actual Behavior

* Preparing request to http://127.0.0.1:9000/upload
* Current time is 2022-10-26T20:00:02.449Z
* Enable automatic URL encoding
* Using default HTTP version
* Enable SSL validation
* Enable cookie sending with jar of 2 cookies
* Hostname 127.0.0.1 was found in DNS cache
*   Trying 127.0.0.1:9000...
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#13)

> POST /upload HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: insomnia/2022.6.0
> Content-Type: multipart/form-data; boundary=X-INSOMNIA-BOUNDARY
> Accept: */*
> Content-Length: 44789

| (43.7 KB hidden)

* We are completely uploaded and fine
* Mark bundle as not supporting multiuse

< HTTP/1.1 303 See Other
< Connection: keep-alive
< Cross-Origin-Resource-Policy: same-origin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< Location: /upload
< Content-Length: 0
< Date: Wed, 26 Oct 2022 20:00:02 GMT

* Connection #13 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://127.0.0.1:9000/upload'
* Switch to GET
* Found bundle for host 127.0.0.1: 0x1efd5b2cd10 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#13) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#13)

> POST /upload HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: insomnia/2022.6.0
> Content-Type: multipart/form-data; boundary=X-INSOMNIA-BOUNDARY
> Accept: */*

* Mark bundle as not supporting multiuse

< HTTP/1.1 400 Bad Request
< Connection: keep-alive
< Content-Type: text/html
< Content-Length: 986
< Date: Wed, 26 Oct 2022 20:00:02 GMT

* Received 986 B chunk
* Connection #13 to host 127.0.0.1 left intact

Reproduction Steps

No response

Is there an existing issue for this?

Additional Information

According to HTTP Redirections (developer.mozilla.org), the client must switch to the GET method when a "See Other" redirection occurs.

| Code | Text | Method handling | Typical use case |
| --- | --- | --- | --- |
| 303 | See Other | GET methods unchanged. Others changed to GET (body lost). | Used to redirect after a PUT or a POST, so that refreshing the result page doesn't re-trigger the operation. |

Insomnia Version

2021.6.0

What operating system are you using?

Windows

Operating System Version

Windows 11 x64

Installation method

Downloaded from official website

Last Known Working Insomnia version

No response

filfreire commented 2 years ago

Hi @thibaultmeyer, thanks for reporting this.

By any chance, are you able to reproduce this sort of thing if you issue a curl on console and set it to follow redirects?

thibaultmeyer commented 2 years ago

Hi,

Yes, I have another weird issue when using curl directly. Insomnia, in my use case, leads to a "400 Bad Request" and "curl" to an infinite loop, because, even though the message "Switch to GET" is printed, the next query is still POST.

$ curl --version
curl 7.82.0 (x86_64-pc-msys) libcurl/7.82.0 OpenSSL/1.1.1n zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libpsl/0.21.1 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.47.0
Release-Date: 2022-03-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd
$ curl -vvvvv --location --post303 --url http://127.0.0.1:9000/upload --header 'Content-Type: multipart/form-data' --form 'formFile=@C:\Users\thiba\OneDrive\Pictures\Picture.jpg'

*   Trying 127.0.0.1:9000...
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
> POST /upload HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: curl/7.82.0
> Accept: */*
> Content-Length: 44831
> Content-Type: multipart/form-data; boundary=------------------------d905ed5baf1c91b8
>
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 303 See Other
< Connection: keep-alive
< Cross-Origin-Resource-Policy: same-origin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< Location: /upload
< Content-Length: 0
< Date: Mon, 31 Oct 2022 18:52:44 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://127.0.0.1:9000/upload'
* Switch to GET
* Found bundle for host 127.0.0.1: 0x800091520 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
> POST /upload HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: curl/7.82.0
> Accept: */*
> Content-Type: multipart/form-data
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 303 See Other
< Connection: keep-alive
< Cross-Origin-Resource-Policy: same-origin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< Location: /upload
< Content-Length: 0
< Date: Mon, 31 Oct 2022 18:52:44 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'http://127.0.0.1:9000/upload'
* Found bundle for host 127.0.0.1: 0x800091520 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host 127.0.0.1
* Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
> POST /upload HTTP/1.1
> Host: 127.0.0.1:9000
> User-Agent: curl/7.82.0
> Accept: */*
> Content-Type: multipart/form-data
>

...

* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 303 See Other
< Connection: keep-alive
< Cross-Origin-Resource-Policy: same-origin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< Location: /upload
< Content-Length: 0
< Date: Mon, 31 Oct 2022 19:05:17 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Maximum (50) redirects followed

filfreire commented 2 years ago

I see, thanks @thibaultmeyer

Perhaps it might be a good idea to raise the curl related infinite loop issue on https://github.com/curl/curl repository

As for the bug on Insomnia side, we would likely need to fix this on our node-libcurl dependency

thibaultmeyer commented 2 years ago

Issue opened on the cURL project: https://github.com/curl/curl/issues/9859

thibaultmeyer commented 2 years ago

Hi @filfreire

I have feedback from the open ticket on cURL: the problem is the use of the "-X POST" (or other --postXXX) flag.
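
The redirect behaviour discussed in this thread, as an added example that is not part of the issue and is not Insomnia's or curl's code: a small model of how a client picks the method for the follow-up request, and why keeping POST on a 303 loops until the redirect limit. It goes beyond the 303 row quoted above by also covering 301/302 and 307/308; the `keepPost303` option (modelling curl's `--post303`), the function names and the `uploadServer` stub are assumptions made for illustration.

```javascript
// Added example: redirect method rewriting, modelled on the 303 rule quoted in the issue.
const MAX_REDIRECTS = 50; // same bound as "Maximum (50) redirects followed" in the curl trace
const REDIRECTS = [301, 302, 303, 307, 308];

// Decide method and body of the follow-up request.
// keepPost303 is a hypothetical option name modelling curl's --post303 flag.
function rewriteForRedirect(req, status, { keepPost303 = false } = {}) {
  const toGet = { ...req, method: 'GET', body: null }; // body is lost on rewrite
  if (status === 307 || status === 308) return { ...req }; // method and body preserved
  if (status === 303) {
    if (req.method === 'GET' || req.method === 'HEAD') return { ...req };
    if (req.method === 'POST' && keepPost303) return { ...req }; // override: POST is kept
    return toGet; // PUT, POST, etc. become GET
  }
  // 301/302: common client behaviour is to turn POST into GET.
  if (req.method === 'POST') return toGet;
  return { ...req };
}

// Follow redirects against a server function, with a hard hop limit.
// Location handling is simplified to absolute paths such as "/upload".
function follow(server, req, opts = {}) {
  const trace = [];
  for (let hops = 0; ; hops++) {
    const res = server(req);
    trace.push(`${req.method} ${req.path} -> ${res.status}`);
    if (!REDIRECTS.includes(res.status) || !res.location) {
      return { status: res.status, hops, trace };
    }
    if (hops >= MAX_REDIRECTS) {
      return { status: res.status, hops, trace, error: 'max redirects' };
    }
    req = { ...rewriteForRedirect(req, res.status, opts), path: res.location };
  }
}

// Constructed stand-in for the server in the trace: POST /upload answers
// 303 with Location: /upload; the 200 on GET is an assumption.
const uploadServer = (req) =>
  req.method === 'POST' ? { status: 303, location: '/upload' } : { status: 200 };

const post = { method: 'POST', path: '/upload', body: 'file-bytes' };
console.log(follow(uploadServer, post).trace);
console.log(follow(uploadServer, post, { keepPost303: true }).error);
```

With the default rule the POST is followed by one GET and the chain ends; with the override every hop is another POST to the same URL, so only the hop limit stops it.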