module OpenURI
Public Class Methods
default_redirectable?(uri1, uri2)
There is a bug in Ruby’s implementation of OpenURI that prevents redirects from HTTP -> HTTPS. That should totally be a valid redirect, so we override that method here and call it a day.
Note: this does NOT permit HTTPS -> HTTP redirects, as that would be a major security hole in the fabric of space-time!
# File lib/omnibus/core_extensions/open_uri.rb, line 13
def default_redirectable?(uri1, uri2)
  a, b = uri1.scheme.downcase, uri2.scheme.downcase

  a == b || (a == "http" && b == "https")
end
Also aliased as: redirectable?
open_uri(name, *rest, &block)
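# File lib/omnibus/core_extensions/open_uri.rb, line 42
def open_uri(name, *rest, &block)
  options = rest.find { |arg| arg.is_a?(Hash) } || {}

  # Swap in the permissive check only when the caller opts in. The alias is
  # changed on the module itself, so it applies to every caller until the
  # ensure block below restores the default.
  if options.delete(:allow_unsafe_redirects)
    class << self
      alias_method :redirectable?, :unsafe_redirectable?
    end
  end

  original_open_uri(name, *rest, &block)
ensure
  # Always restore the default policy, even if the request raised.
  class << self
    alias_method :redirectable?, :default_redirectable?
  end
end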
Also aliased as: original_open_uri
original_open_uri(name, *rest, &block)
Override the default open_uri method to search for our custom option to permit unsafe redirects.
@example
open('http://example.com', allow_unsafe_redirects: true)
Alias for: open_uri
unsafe_redirectable?(uri1, uri2)
Permit redirects between HTTP and HTTPS in either direction.
Note: this DOES permit HTTPS -> HTTP redirects, and that is a major security hole!
@return [Boolean]
# File lib/omnibus/core_extensions/open_uri.rb, line 28
def unsafe_redirectable?(uri1, uri2)
  a, b = uri1.scheme.downcase, uri2.scheme.downcase

  a == b || (a == "http" && b == "https") || (a == "https" && b == "http")
end
Also aliased as: redirectable?
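The two redirect policies documented above, applied hop by hop to a constructed redirect chain so the point where the default policy stops is visible. This is an added example, not Omnibus or open-uri code; the RedirectPolicy module, its follow helper and the sample URLs are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical stand-alone module (not part of Omnibus or open-uri) that
# mirrors the two predicates documented above.
module RedirectPolicy
  module_function

  # Same scheme, or an upgrade from http to https.
  def default_redirectable?(from, to)
    a, b = from.scheme.downcase, to.scheme.downcase
    a == b || (a == "http" && b == "https")
  end

  # Additionally allows the https -> http downgrade.
  def unsafe_redirectable?(from, to)
    a, b = from.scheme.downcase, to.scheme.downcase
    default_redirectable?(from, to) || (a == "https" && b == "http")
  end

  # Walk a redirect chain: `start` is the requested URL, `locations` are the
  # Location header values in the order received. Relative values are
  # resolved against the current URL first, so the scheme is never nil.
  # Returns [final_uri, nil] if every hop passes the policy, otherwise
  # [last_accepted_uri, refused_uri].
  def follow(start, locations, policy: :default_redirectable?)
    current = URI.parse(start)
    locations.each do |loc|
      target = URI.join(current.to_s, loc)
      return [current, target] unless public_send(policy, current, target)
      current = target
    end
    [current, nil]
  end
end

# Constructed sample chain: upgrade, relative hop, then a downgrade.
CHAIN = ["https://example.com/pkg", "/pkg/v2.tar.gz",
         "http://mirror.example.net/pkg/v2.tar.gz"].freeze

if $PROGRAM_NAME == __FILE__
  %i[default_redirectable? unsafe_redirectable?].each do |policy|
    final, refused = RedirectPolicy.follow("http://example.com/pkg", CHAIN, policy: policy)
    puts "#{policy}: stopped at #{final}, refused #{refused || 'nothing'}"
  end
end
```

Under the default policy the walk stops at the last HTTPS URL and reports the plaintext mirror as refused; under the unsafe policy the same chain ends on the plaintext URL.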