Problem: open-uri blocking redirection from http to https

Hello,

I was working on a small script to verify the presence of an element through a list of URLs. Some of these URLs have a redirection from http to https, and when the script crawled them I got the following error:

/usr/lib/ruby/1.9.1/open-uri.rb:216:in `open_loop': redirection forbidden: http://beta.carsdirect.com/auto-loans/finance-app -> https://beta.carsdirect.com/auto-loans/finance-app (RuntimeError)

I understand that this is intentional, as per the comments in open-uri.rb:

     # This test is intended to forbid a redirection from http://... to
     # file:///etc/passwd.
     # https to http redirect is also forbidden intentionally.
     # It avoids sending secure cookie or referer by non-secure HTTP protocol.
     # (RFC 2109 4.3.1, RFC 2965 3.3, RFC 2616 15.1.3)
     # However this is ad hoc. It should be extensible/configurable.

This mentions that "https to http" redirects are forbidden intentionally, but redirections from "http to https" are also blocked.

Is there a way to override this security check? Currently I had to change the following line in the library to allow "http to https" redirections:

(/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)

to

(/\A(?:http|ftp|https)\z/i =~ uri1.scheme && /\A(?:http|ftp|https)\z/i =~ uri2.scheme)

Thanks,
Xavi

Currently it is not configurable (as the comment says) except by monkey patching.

Maybe open-uri should have some hooks.

2011/2/18 Xavier Del Castillo <xdelcastillo@archlinux.us>:

   # However this is ad hoc. It should be extensible/configurable.

This mentions that "https to http" redirects are forbidden intentionally,
but redirections from "http to https" are also blocked.

Is there a way to override this security check? Currently I had to change the following line in the library to allow "http to https" redirections:

(/\A(?:http|ftp)\z/i =~ uri1.scheme && /\A(?:http|ftp)\z/i =~ uri2.scheme)

--
Tanaka Akira
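
Added example (not from the thread and not open-uri's own code): it evaluates the scheme test as quoted, the edited pattern from the original post, and a narrower rule that adds only the http to https upgrade, over three constructed redirects. The helper names are hypothetical and the example.com URLs are placeholders.

```ruby
require "uri"

# Constructed helper names for illustration; none of these exist in open-uri.
STOCK  = /\A(?:http|ftp)\z/i          # scheme pattern on the line as quoted
EDITED = /\A(?:http|ftp|https)\z/i    # scheme pattern after the edit in the post

# The quoted expression, parameterised by its scheme pattern.
def pattern_allows?(pattern, from, to)
  !!(pattern =~ from.scheme && pattern =~ to.scheme)
end

# Narrower alternative: keep the quoted test and add only http -> https.
def upgrade_only?(from, to)
  f, t = from.scheme.to_s.downcase, to.scheme.to_s.downcase
  pattern_allows?(STOCK, from, to) || (f == "http" && t == "https")
end

# Constructed sample redirects (source URL, redirect target).
SAMPLES = {
  upgrade:   ["http://example.com/a",  "https://example.com/a"],
  downgrade: ["https://example.com/a", "http://example.com/a"],
  to_file:   ["http://example.com/a",  "file:///etc/passwd"],
}

# Returns, per sample, whether each of the three rules would allow it.
def verdicts
  SAMPLES.each_with_object({}) do |(name, (src, dst)), out|
    from, to = URI.parse(src), URI.parse(dst)
    out[name] = {
      stock:        pattern_allows?(STOCK, from, to),
      edited:       pattern_allows?(EDITED, from, to),
      upgrade_only: upgrade_only?(from, to),
    }
  end
end

if __FILE__ == $0
  verdicts.each { |name, v| puts "#{name}: #{v}" }
end
```

With the edited pattern the https to http case also evaluates true, which is the direction the library comment says is forbidden so that secure cookies and referers are not sent over plain HTTP; the narrower rule lets only the upgrade through.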