dani0600 commented on PR #624: URL: https://github.com/apache/httpcomponents-client/pull/624#issuecomment-3072820478
Thanks for your work on the latest changes, @ok2c! I've noticed you've implemented a new check to prevent redirects when requests contain sensitive headers, and also introduced a new `LaxRedirectStrategy` to allow more permissive redirects, this in v5.4.

I have a question regarding this code fragment: since `LaxRedirectStrategy` extends `DefaultRedirectStrategy`, and doesn't override the method `isRedirectAllowed()` containing the sensitive header check, wouldn't this mean that using `LaxRedirectStrategy` in a client would still fall back to the `DefaultRedirectStrategy` implementation of that method in the `RedirectExec.execute()` call? In that case, the check would still apply, and redirects would be blocked—even when using the lax strategy.

Is this the intended behavior, or could this be an oversight? Thanks in advance for clarifying!

PS: Unless I'm missing some configuration, this is happening in some of my tests, I could help you investigate. (Using `CloseableHttpClient` setting `LaxRedirectStrategy` into my client)