FIX: do not follow redirect on same host with path /login or /session

2024-11-22 08:36:42 +08:00 · 2019-08-07 16:26:03 +05:30 · 2019-08-07 16:26:03 +05:30 · b0e781e2d4
commit b0e781e2d4
parent 6296ae3d31
2 changed files with 20 additions and 1 deletions
--- a/lib/final_destination.rb
+++ b/lib/final_destination.rb
@ -229,10 +229,16 @@ class FinalDestination
    end

    if location
+      redirect_uri = uri(location)
+      if @uri.host == redirect_uri.host && (redirect_uri.path =~ /\/login/ || redirect_uri.path =~ /\/session/)
+        @status = :resolved
+        return @uri
+      end
+
      old_port = @uri.port
      location = "#{location}##{@uri.fragment}" if @preserve_fragment_url && @uri.fragment.present?
      location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"
-      @uri = uri(location)
+      @uri = redirect_uri
      @limit -= 1

      # https redirect, so just cache that whole new domain is https
--- a/spec/components/final_destination_spec.rb
+++ b/spec/components/final_destination_spec.rb
@ -153,6 +153,19 @@ describe FinalDestination do
      end
    end

+    context "with a redirect to login path" do
+      before do
+        redirect_response("https://eviltrout.com/t/xyz/1", "https://eviltrout.com/login")
+      end
+
+      it "does not follow redirect" do
+        final = FinalDestination.new('https://eviltrout.com/t/xyz/1', opts)
+        expect(final.resolve.to_s).to eq('https://eviltrout.com/t/xyz/1')
+        expect(final.redirected?).to eq(false)
+        expect(final.status).to eq(:resolved)
+      end
+    end
+
    context "GET can be forced" do
      before do
        stub_request(:head, 'https://force.get.com/posts?page=4')