Open jsha opened 4 years ago
I recently found that the reqwest library was fetching anything with an unrecognized scheme (like hxxps: or htps: as plain HTTP: https://github.com/seanmonstar/reqwest/issues/919. That was fixed in seanmonstar/reqwest#921.
reqwest
hxxps:
htps:
This crate appears to have the same problem: Because it calls http.enforce_http(false) (https://github.com/hyperium/hyper-tls/blob/7c9adcdebba980ed3d3a6190480fafe37628264e/src/client.rs#L50), there is nothing enforcing that the scheme is either HTTP or HTTPS.
http.enforce_http(false)
this is likely something that needs to be fixed upstream in hyper? cc @seanmonstar
I recently found that the
reqwest
library was fetching anything with an unrecognized scheme (likehxxps:
orhtps:
as plain HTTP: https://github.com/seanmonstar/reqwest/issues/919. That was fixed in seanmonstar/reqwest#921.This crate appears to have the same problem: Because it calls
http.enforce_http(false)
(https://github.com/hyperium/hyper-tls/blob/7c9adcdebba980ed3d3a6190480fafe37628264e/src/client.rs#L50), there is nothing enforcing that the scheme is either HTTP or HTTPS.