From: garenchan <1412950785@qq.com> Date: Thu, 28 Jun 2018 01:08:41 +0000 (+0800) Subject: _HTTPConnection: check location on _should_follow_redirect() and retain safe request... X-Git-Tag: v5.1.0~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=859a038eb9c1af99d3871c9972f0826a1d05475d;p=thirdparty%2Ftornado.git _HTTPConnection: check location on _should_follow_redirect() and retain safe request when following redirects (#2409) --- diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py index 60b7956fe..03cac3d2a 100644 --- a/tornado/simple_httpclient.py +++ b/tornado/simple_httpclient.py @@ -210,6 +210,7 @@ class SimpleAsyncHTTPClient(AsyncHTTPClient): class _HTTPConnection(httputil.HTTPMessageDelegate): _SUPPORTED_METHODS = set(["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]) + _SAFE_METHODS = set(["GET", "HEAD", "OPTIONS"]) def __init__(self, client, request, release_callback, final_callback, max_buffer_size, tcp_client, @@ -496,7 +497,8 @@ class _HTTPConnection(httputil.HTTPMessageDelegate): def _should_follow_redirect(self): return (self.request.follow_redirects and self.request.max_redirects > 0 and - self.code in (301, 302, 303, 307, 308)) + self.code in (301, 302, 303, 307, 308) and + self.headers.get("Location") is not None) def finish(self): data = b''.join(self.chunks) @@ -517,8 +519,9 @@ class _HTTPConnection(httputil.HTTPMessageDelegate): # treat 302 the same as 303, and many servers use 302 for # compatibility with pre-HTTP/1.1 user agents which don't # understand the 303 status. - if self.code in (302, 303): - new_request.method = "GET" + if self.code in (301, 302, 303): + if self.request.method not in self._SAFE_METHODS: + new_request.method = "GET" new_request.body = None for h in ["Content-Length", "Content-Type", "Content-Encoding", "Transfer-Encoding"]: