From: Ben Darnell <ben@bendarnell.com>
Date: Wed, 11 Jul 2018 02:32:57 +0000 (-0400)
Subject: Revert "Revert "_HTTPConnection: check location on _should_follow_redirect() and... 
X-Git-Tag: v6.0.0b1~7^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2ca8821d006f6693f920a4b183a3a7c985a5c8ad;p=thirdparty%2Ftornado.git

Revert "Revert "_HTTPConnection: check location on _should_follow_redirect() and retain safe request when following redirects (#2409)""

This reverts commit dda77f2ca3365bd031a0c56dd19c8ed781a0695a.
---

diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index 81a0fd247..6af9dd15c 100644
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -608,6 +608,8 @@ class _HTTPConnection(httputil.HTTPMessageDelegate):
             return (
                 self.code in (301, 302, 303, 307, 308)
                 and self.request.max_redirects > 0
+                and self.headers is not None
+                and self.headers.get("Location") is not None
             )
         return False
 
diff --git a/tornado/test/httpclient_test.py b/tornado/test/httpclient_test.py
index ca7fb5a9d..29319c743 100644
--- a/tornado/test/httpclient_test.py
+++ b/tornado/test/httpclient_test.py
@@ -62,6 +62,13 @@ class RedirectHandler(RequestHandler):
         )
 
 
+class RedirectWithoutLocationHandler(RequestHandler):
+    def prepare(self):
+        # For testing error handling of a redirect with no location header.
+        self.set_status(301)
+        self.finish()
+
+
 class ChunkHandler(RequestHandler):
     @gen.coroutine
     def get(self):
@@ -143,6 +150,7 @@ class HTTPClientCommonTestCase(AsyncHTTPTestCase):
                 url("/post", PostHandler),
                 url("/put", PutHandler),
                 url("/redirect", RedirectHandler),
+                url("/redirect_without_location", RedirectWithoutLocationHandler),
                 url("/chunk", ChunkHandler),
                 url("/auth", AuthHandler),
                 url("/countdown/([0-9]+)", CountdownHandler, name="countdown"),
@@ -291,6 +299,14 @@ Transfer-Encoding: chunked
         self.assertTrue(response.effective_url.endswith("/countdown/0"))
         self.assertEqual(b"Zero", response.body)
 
+    def test_redirect_without_location(self):
+        response = self.fetch("/redirect_without_location", follow_redirects=True)
+        # If there is no location header, the redirect response should
+        # just be returned as-is. (This should arguably raise an
+        # error, but libcurl doesn't treat this as an error, so we
+        # don't either).
+        self.assertEqual(301, response.code)
+
     def test_credentials_in_url(self):
         url = self.get_url("/auth").replace("http://", "http://me:secret@")
         response = self.fetch(url)