authorIdan Horowitz <idan.horowitz@gmail.com>2022-02-12 15:42:48 +0200
committerLinus Groh <mail@linusgroh.de>2022-02-12 16:15:56 +0000
commit721a4a0a67bb821de3e4a1e878fb08b087274f12 (patch)
treeac72e7b74ce577e2493f4eabb33acaeb76ebd29c
parenta99d02e14d791ffe4f3ac2d7a3d25af5c0be70be (diff)
LibWeb: Ignore Location headers unless the response status code is 3xx
As per RFC7231 the Location header field has different meanings for different response status codes: For 201 (Created) responses, the Location value refers to the primary resource created by the request. For 3xx (Redirection) responses, the Location value refers to the preferred target resource for automatically redirecting the request.
-rw-r--r--Userland/Libraries/LibWeb/Loader/FrameLoader.cpp21
-rw-r--r--Userland/Libraries/LibWeb/Loader/Resource.h2
2 files changed, 14 insertions, 9 deletions
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index 025b0b160e..e20fe2227b 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -257,17 +257,20 @@ void FrameLoader::resource_did_load()
{
auto url = resource()->url();
- // FIXME: Also check HTTP status code before redirecting
- auto location = resource()->response_headers().get("Location");
- if (location.has_value()) {
- if (m_redirects_count > maximum_redirects_allowed) {
- m_redirects_count = 0;
- load_error_page(url, "Too many redirects");
+ // For 3xx (Redirection) responses, the Location value refers to the preferred target resource for automatically redirecting the request.
+ auto status_code = resource()->status_code();
+ if (status_code.has_value() && *status_code >= 300 && *status_code <= 399) {
+ auto location = resource()->response_headers().get("Location");
+ if (location.has_value()) {
+ if (m_redirects_count > maximum_redirects_allowed) {
+ m_redirects_count = 0;
+ load_error_page(url, "Too many redirects");
+ return;
+ }
+ m_redirects_count++;
+ load(url.complete_url(location.value()), FrameLoader::Type::Navigation);
return;
}
- m_redirects_count++;
- load(url.complete_url(location.value()), FrameLoader::Type::Navigation);
- return;
}
m_redirects_count = 0;
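Review bot: The redirect target goes to `load()` straight from the server-supplied Location value at `load(url.complete_url(location.value()), FrameLoader::Type::Navigation);`, and nothing in this hunk checks that the completed URL is valid or that its scheme is one a network response may redirect to. Unless `load()` enforces that itself (its body is not shown here), a remote response could steer the frame to a local or internal scheme. I would compute the target first and stop on failure, e.g. `auto redirect_url = url.complete_url(location.value());` then `if (!redirect_url.is_valid()) { load_error_page(url, "Invalid redirect URL"); return; }`, and add a scheme allow-list before the load. Separately, the `*status_code >= 300 && *status_code <= 399` range also treats 300, 304 and 305 as automatic redirects, whereas the Fetch redirect statuses are only 301, 302, 303, 307 and 308. resource_did_load() continues past the end of the hunk.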
diff --git a/Userland/Libraries/LibWeb/Loader/Resource.h b/Userland/Libraries/LibWeb/Loader/Resource.h
index feb0c49956..c138da0af4 100644
--- a/Userland/Libraries/LibWeb/Loader/Resource.h
+++ b/Userland/Libraries/LibWeb/Loader/Resource.h
@@ -49,6 +49,8 @@ public:
const HashMap<String, String, CaseInsensitiveStringTraits>& response_headers() const { return m_response_headers; }
+ [[nodiscard]] Optional<u32> status_code() const { return m_status_code; }
+
void register_client(Badge<ResourceClient>, ResourceClient&);
void unregister_client(Badge<ResourceClient>, ResourceClient&);