From 463c337d6294dcbdfcba48519a37e37b23614938 Mon Sep 17 00:00:00 2001 From: Alexander Reelsen Date: Wed, 24 May 2017 23:32:57 +0200 Subject: [PATCH] Tests: Ensure HTTPClient does not follow redirects after post Relates elastic/x-pack-elasticsearch#470 Original commit: elastic/x-pack-elasticsearch@5333a65c0edc2cda0e1ce92eb9ecee5039d22d89 --- .../test/http/MockWebServer.java | 6 ++-- .../xpack/common/http/HttpClientTests.java | 36 +++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/plugin/src/test/java/org/elasticsearch/test/http/MockWebServer.java b/plugin/src/test/java/org/elasticsearch/test/http/MockWebServer.java index 6e7f1b136a2..c15033a5292 100644 --- a/plugin/src/test/java/org/elasticsearch/test/http/MockWebServer.java +++ b/plugin/src/test/java/org/elasticsearch/test/http/MockWebServer.java @@ -113,8 +113,10 @@ public class MockWebServer implements Closeable { byte[] responseAsBytes = response.getBody().getBytes(StandardCharsets.UTF_8); s.sendResponseHeaders(response.getStatusCode(), responseAsBytes.length); sleepIfNeeded(response.getBodyDelay()); - try (OutputStream responseBody = s.getResponseBody()) { - responseBody.write(responseAsBytes); + if ("HEAD".equals(request.getMethod()) == false) { + try (OutputStream responseBody = s.getResponseBody()) { + responseBody.write(responseAsBytes); + } } } } catch (Exception e) { diff --git a/plugin/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java b/plugin/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java index e8e987c70e6..389078a52a1 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java +++ b/plugin/src/test/java/org/elasticsearch/xpack/common/http/HttpClientTests.java @@ -447,4 +447,40 @@ public class HttpClientTests extends ESTestCase { IOException e = expectThrows(IOException.class, () -> httpClient.execute(requestBuilder.build())); assertThat(e.getMessage(), startsWith("Maximum limit of")); } + + public void testThatGetRedirectIsFollowed() throws Exception { + String redirectUrl = "http://" + webServer.getHostName() + ":" + webServer.getPort() + "/foo"; + webServer.enqueue(new MockResponse().setResponseCode(302).addHeader("Location", redirectUrl)); + HttpMethod method = randomFrom(HttpMethod.GET, HttpMethod.HEAD); + + if (method == HttpMethod.GET) { + webServer.enqueue(new MockResponse().setResponseCode(200).setBody("shouldBeRead")); + } else if (method == HttpMethod.HEAD) { + webServer.enqueue(new MockResponse().setResponseCode(200)); + } + + HttpRequest request = HttpRequest.builder("localhost", webServer.getPort()).path("/") + .method(method) + .build(); + HttpResponse response = httpClient.execute(request); + + assertThat(webServer.requests(), hasSize(2)); + if (method == HttpMethod.GET) { + assertThat(response.body().utf8ToString(), is("shouldBeRead")); + } else if (method == HttpMethod.HEAD) { + assertThat(response.body(), is(nullValue())); + } + } + + // not allowed by RFC, only allowed for GET or HEAD + public void testThatPostRedirectIsNotFollowed() throws Exception { + String redirectUrl = "http://" + webServer.getHostName() + ":" + webServer.getPort() + "/foo"; + webServer.enqueue(new MockResponse().setResponseCode(302).addHeader("Location", redirectUrl)); + webServer.enqueue(new MockResponse().setResponseCode(200).setBody("shouldNeverBeRead")); + + HttpRequest request = HttpRequest.builder("localhost", webServer.getPort()).path("/").method(HttpMethod.POST).build(); + HttpResponse response = httpClient.execute(request); + assertThat(response.body(), is(nullValue())); + assertThat(webServer.requests(), hasSize(1)); + } }