| | | 1 | | // Licensed to the .NET Foundation under one or more agreements. |
| | | 2 | | // The .NET Foundation licenses this file to you under the MIT license. |
| | | 3 | | |
| | | 4 | | using System.Diagnostics; |
| | | 5 | | using System.Runtime.CompilerServices; |
| | | 6 | | using System.Threading; |
| | | 7 | | using System.Threading.Tasks; |
| | | 8 | | |
| | | 9 | | namespace System.Net.Http |
| | | 10 | | { |
| | | 11 | | internal sealed class RedirectHandler : HttpMessageHandlerStage |
| | | 12 | | { |
| | | 13 | | private readonly HttpMessageHandlerStage _innerHandler; |
| | | 14 | | private readonly int _maxAutomaticRedirections; |
| | | 15 | | private readonly bool _disableAuthOnRedirect; |
| | | 16 | | |
| | 0 | 17 | | public RedirectHandler(int maxAutomaticRedirections, HttpMessageHandlerStage innerHandler, bool disableAuthOnRed |
| | 0 | 18 | | { |
| | 0 | 19 | | Debug.Assert(innerHandler != null); |
| | 0 | 20 | | Debug.Assert(maxAutomaticRedirections > 0); |
| | | 21 | | |
| | 0 | 22 | | _maxAutomaticRedirections = maxAutomaticRedirections; |
| | 0 | 23 | | _innerHandler = innerHandler; |
| | 0 | 24 | | _disableAuthOnRedirect = disableAuthOnRedirect; |
| | 0 | 25 | | } |
| | | 26 | | |
| | | 27 | | internal override async ValueTask<HttpResponseMessage> SendAsync(HttpRequestMessage request, bool async, Cancell |
| | 0 | 28 | | { |
| | 0 | 29 | | HttpResponseMessage response = await _innerHandler.SendAsync(request, async, cancellationToken).ConfigureAwa |
| | | 30 | | |
| | 0 | 31 | | uint redirectCount = 0; |
| | | 32 | | Uri? redirectUri; |
| | 0 | 33 | | Debug.Assert(request.RequestUri != null); |
| | 0 | 34 | | while ((redirectUri = GetUriForRedirect(request.RequestUri, response)) != null) |
| | 0 | 35 | | { |
| | 0 | 36 | | redirectCount++; |
| | | 37 | | |
| | 0 | 38 | | if (redirectCount > _maxAutomaticRedirections) |
| | 0 | 39 | | { |
| | | 40 | | // If we exceed the maximum number of redirects |
| | | 41 | | // then just return the 3xx response. |
| | 0 | 42 | | if (NetEventSource.Log.IsEnabled()) |
| | 0 | 43 | | { |
| | 0 | 44 | | TraceError($"Exceeded max number of redirects. Redirect from {request.RequestUri} to {redirectUr |
| | 0 | 45 | | } |
| | | 46 | | |
| | 0 | 47 | | break; |
| | | 48 | | } |
| | | 49 | | |
| | 0 | 50 | | response.Dispose(); |
| | | 51 | | |
| | | 52 | | // Clear the authorization header. |
| | 0 | 53 | | request.Headers.Authorization = null; |
| | | 54 | | |
| | 0 | 55 | | if (HttpTelemetry.Log.IsEnabled()) |
| | 0 | 56 | | { |
| | 0 | 57 | | HttpTelemetry.Log.Redirect(redirectUri); |
| | 0 | 58 | | } |
| | 0 | 59 | | if (NetEventSource.Log.IsEnabled()) |
| | 0 | 60 | | { |
| | 0 | 61 | | Trace($"Redirecting from {request.RequestUri} to {redirectUri} in response to status code {(int)resp |
| | 0 | 62 | | } |
| | | 63 | | |
| | | 64 | | // Set up for the redirect |
| | 0 | 65 | | request.RequestUri = redirectUri; |
| | 0 | 66 | | if (RequestRequiresForceGet(response.StatusCode, request.Method)) |
| | 0 | 67 | | { |
| | 0 | 68 | | if (NetEventSource.Log.IsEnabled()) |
| | 0 | 69 | | { |
| | 0 | 70 | | Trace($"Modified request from {request.Method} to {HttpMethod.Get} in response to status code {( |
| | 0 | 71 | | } |
| | | 72 | | |
| | 0 | 73 | | request.Method = HttpMethod.Get; |
| | 0 | 74 | | request.Content = null; |
| | 0 | 75 | | if (request.Headers.TransferEncodingChunked == true) |
| | 0 | 76 | | { |
| | 0 | 77 | | request.Headers.TransferEncodingChunked = false; |
| | 0 | 78 | | } |
| | 0 | 79 | | } |
| | | 80 | | |
| | 0 | 81 | | if (_disableAuthOnRedirect) |
| | 0 | 82 | | { |
| | 0 | 83 | | request.DisableAuth(); |
| | 0 | 84 | | } |
| | | 85 | | |
| | | 86 | | // Issue the redirected request. |
| | 0 | 87 | | response = await _innerHandler.SendAsync(request, async, cancellationToken).ConfigureAwait(false); |
| | 0 | 88 | | } |
| | | 89 | | |
| | 0 | 90 | | return response; |
| | 0 | 91 | | } |
| | | 92 | | |
| | | 93 | | private Uri? GetUriForRedirect(Uri requestUri, HttpResponseMessage response) |
| | 0 | 94 | | { |
| | 0 | 95 | | switch (response.StatusCode) |
| | | 96 | | { |
| | | 97 | | case HttpStatusCode.Moved: |
| | | 98 | | case HttpStatusCode.Found: |
| | | 99 | | case HttpStatusCode.SeeOther: |
| | | 100 | | case HttpStatusCode.TemporaryRedirect: |
| | | 101 | | case HttpStatusCode.MultipleChoices: |
| | | 102 | | case HttpStatusCode.PermanentRedirect: |
| | 0 | 103 | | break; |
| | | 104 | | |
| | | 105 | | default: |
| | 0 | 106 | | return null; |
| | | 107 | | } |
| | | 108 | | |
| | 0 | 109 | | Uri? location = response.Headers.Location; |
| | 0 | 110 | | if (location == null) |
| | 0 | 111 | | { |
| | 0 | 112 | | return null; |
| | | 113 | | } |
| | | 114 | | |
| | | 115 | | // Ensure the redirect location is an absolute URI. |
| | 0 | 116 | | if (!location.IsAbsoluteUri) |
| | 0 | 117 | | { |
| | 0 | 118 | | location = new Uri(requestUri, location); |
| | 0 | 119 | | } |
| | | 120 | | |
| | | 121 | | // Per https://tools.ietf.org/html/rfc7231#section-7.1.2, a redirect location without a |
| | | 122 | | // fragment should inherit the fragment from the original URI. |
| | 0 | 123 | | string requestFragment = requestUri.Fragment; |
| | 0 | 124 | | if (!string.IsNullOrEmpty(requestFragment)) |
| | 0 | 125 | | { |
| | 0 | 126 | | string redirectFragment = location.Fragment; |
| | 0 | 127 | | if (string.IsNullOrEmpty(redirectFragment)) |
| | 0 | 128 | | { |
| | 0 | 129 | | location = new UriBuilder(location) { Fragment = requestFragment }.Uri; |
| | 0 | 130 | | } |
| | 0 | 131 | | } |
| | | 132 | | |
| | | 133 | | // Disallow automatic redirection from secure to non-secure schemes |
| | 0 | 134 | | if (HttpUtilities.IsSupportedSecureScheme(requestUri.Scheme) && !HttpUtilities.IsSupportedSecureScheme(locat |
| | 0 | 135 | | { |
| | 0 | 136 | | if (NetEventSource.Log.IsEnabled()) |
| | 0 | 137 | | { |
| | 0 | 138 | | TraceError($"Insecure https to http redirect from '{requestUri}' to '{location}' blocked.", response |
| | 0 | 139 | | } |
| | | 140 | | |
| | 0 | 141 | | return null; |
| | | 142 | | } |
| | | 143 | | |
| | | 144 | | // Disallow automatic redirection to unsupported schemes |
| | 0 | 145 | | if (!HttpUtilities.IsSupportedScheme(location.Scheme)) |
| | 0 | 146 | | { |
| | 0 | 147 | | if (NetEventSource.Log.IsEnabled()) |
| | 0 | 148 | | { |
| | 0 | 149 | | TraceError($"Redirect from '{requestUri}' to '{location}' blocked due to unsupported scheme '{locati |
| | 0 | 150 | | } |
| | | 151 | | |
| | 0 | 152 | | return null; |
| | | 153 | | } |
| | | 154 | | |
| | 0 | 155 | | return location; |
| | 0 | 156 | | } |
| | | 157 | | |
| | | 158 | | private static bool RequestRequiresForceGet(HttpStatusCode statusCode, HttpMethod requestMethod) |
| | 0 | 159 | | { |
| | 0 | 160 | | switch (statusCode) |
| | | 161 | | { |
| | | 162 | | case HttpStatusCode.Moved: |
| | | 163 | | case HttpStatusCode.Found: |
| | | 164 | | case HttpStatusCode.MultipleChoices: |
| | 0 | 165 | | return requestMethod == HttpMethod.Post; |
| | | 166 | | case HttpStatusCode.SeeOther: |
| | 0 | 167 | | return requestMethod != HttpMethod.Get && requestMethod != HttpMethod.Head; |
| | | 168 | | default: |
| | 0 | 169 | | return false; |
| | | 170 | | } |
| | 0 | 171 | | } |
| | | 172 | | |
| | | 173 | | protected override void Dispose(bool disposing) |
| | 0 | 174 | | { |
| | 0 | 175 | | if (disposing) |
| | 0 | 176 | | { |
| | 0 | 177 | | _innerHandler.Dispose(); |
| | 0 | 178 | | } |
| | | 179 | | |
| | 0 | 180 | | base.Dispose(disposing); |
| | 0 | 181 | | } |
| | | 182 | | |
| | | 183 | | internal void Trace(string message, int requestId, [CallerMemberName] string? memberName = null) => |
| | 0 | 184 | | NetEventSource.Log.HandlerMessage(0, 0, requestId, memberName, ToString() + ": " + message); |
| | | 185 | | |
| | | 186 | | internal void TraceError(string message, int requestId, [CallerMemberName] string? memberName = null) => |
| | 0 | 187 | | NetEventSource.Log.HandlerMessageError(0, 0, requestId, memberName, ToString() + ": " + message); |
| | | 188 | | } |
| | | 189 | | } |