Remove unexpected content headers when converting from POST to GET request on 302 redirect response (fixes issue #2883)

This commit is contained in:
Cristian Amarie 2020-04-02 21:05:07 +00:00 committed by Marshall Greenblatt
parent 01f385a6f7
commit 1c14900093
2 changed files with 25 additions and 2 deletions

View File

@ -839,15 +839,26 @@ void InterceptedRequest::ContinueToBeforeRedirect(
request_.url = redirect_info.new_url; request_.url = redirect_info.new_url;
} }
// If request_ changes from POST to GET, strip POST headers.
const bool post_to_get =
request_.method == "POST" &&
redirect_info.new_method == net::HttpRequestHeaders::kGetMethod;
request_.method = redirect_info.new_method; request_.method = redirect_info.new_method;
request_.site_for_cookies = redirect_info.new_site_for_cookies; request_.site_for_cookies = redirect_info.new_site_for_cookies;
request_.referrer = GURL(redirect_info.new_referrer); request_.referrer = GURL(redirect_info.new_referrer);
request_.referrer_policy = redirect_info.new_referrer_policy; request_.referrer_policy = redirect_info.new_referrer_policy;
// The request method can be changed to "GET". In this case we need to // The request method can be changed to "GET". In this case we need to
// reset the request body manually. // reset the request body manually, and strip the POST headers.
if (request_.method == net::HttpRequestHeaders::kGetMethod) if (request_.method == net::HttpRequestHeaders::kGetMethod) {
request_.request_body = nullptr; request_.request_body = nullptr;
if (post_to_get) {
request_.headers.RemoveHeader(net::HttpRequestHeaders::kContentLength);
request_.headers.RemoveHeader(net::HttpRequestHeaders::kContentType);
}
}
} }
void InterceptedRequest::ContinueToResponseStarted(int error_code) { void InterceptedRequest::ContinueToResponseStarted(int error_code) {

View File

@ -1424,6 +1424,18 @@ class RequestServerHandler : public CefServerHandler {
CefRefPtr<CefRequest> request, CefRefPtr<CefRequest> request,
CefRefPtr<CefRequest> redirect_request, CefRefPtr<CefRequest> redirect_request,
CefRefPtr<CefResponse> redirect_response) { CefRefPtr<CefResponse> redirect_response) {
if (redirect_response->GetStatus() == 302) {
// Simulate wrong copying of POST-specific headers Content-Type and
// Content-Length. A 302 redirect should end up in a GET request and
// these headers should not propagate from a 302 POST-to-GET redirect.
CefResponse::HeaderMap redirectHeaderMap;
redirect_response->GetHeaderMap(redirectHeaderMap);
redirectHeaderMap.insert(
std::make_pair("content-type", "application/x-www-form-urlencoded"));
redirectHeaderMap.insert(std::make_pair("content-length", "0"));
redirect_response->SetHeaderMap(redirectHeaderMap);
}
// Verify that the request was sent correctly. // Verify that the request was sent correctly.
TestRequestEqual(redirect_request, request, true); TestRequestEqual(redirect_request, request, true);