search

status-im / nim-chronos

Chronos - An efficient library for asynchronous programming
https://status-im.github.io/nim-chronos/docs/chronos
Apache License 2.0
353 stars 51 forks source link

httpclient: The content of HostHeader is incorrect when redirecting to a different host #443

Closed Pylgos closed 1 year ago

Pylgos commented 1 year ago

When redirecting with httpclient.redirect, the new request inherits the original request's headers, so if the hostname of the redirection destination is different from the original hostname, the request will be invalid.

import chronos
import chronos/apps/http/[httptable, httpcommon, httpclient]
import std/uri

proc main {.async.} =
  let req = HttpClientRequestRef.get(
    HttpSessionRef.new(), "https://api.github.com/repos/status-im/nim-chronos/zipball/master").tryGet()
  let resp = await req.send()
  doAssert resp.status == 302

  # BUG HERE
  let redirect = req.redirect(resp.getNewLocation().tryGet()).tryGet()
  echo redirect.address.hostname # -> codeload.github.com
  echo redirect.headers.getString(HostHeader) # -> api.github.com

  await resp.closeWait()
  await req.closeWait()

  # let (status, data) = await redirect.fetch()
  # await redirect.closeWait()

  # echo status # -> 400 bad request

waitFor main()
cheatfate commented 1 year ago

Fixed in 00614476c68f0553432b4bb505e24d6ad5586ae4