class Octokit::Middleware::FollowRedirects

doesn’t support parallelism.
This middleware currently only works with synchronous requests; i.e. it
unchanged.
converted into a GET. For HTTP 301, 302, and 307, the HTTP method remains
For HTTP 303, the original GET, POST, PUT, DELETE, or PATCH request gets
Public: Follow HTTP 301, 302, 303, and 307 redirects.

def call(env)

def call(env)
  perform_with_redirection(env, follow_limit)
end

def convert_to_get?(response)

def convert_to_get?(response)
  !%i[head options].include?(response.env[:method]) &&
    @convert_to_get.include?(response.status)
end

def follow_limit

def follow_limit
  @options.fetch(:limit, FOLLOW_LIMIT)
end

def follow_redirect?(env, response)

def follow_redirect?(env, response)
  ALLOWED_METHODS.include?(env[:method]) &&
    REDIRECT_CODES.include?(response.status)
end

def initialize(app, options = {})

:limit - A Integer redirect limit (default: 3).
options - An options Hash (default: {}):

Public: Initialize the middleware.

def initialize(app, options = {})
  super(app)
  @options = options
  @convert_to_get = Set.new [303]
end

def perform_with_redirection(env, follows)

def perform_with_redirection(env, follows)
  request_body = env[:body]
  response = @app.call(env)
  response.on_complete do |response_env|
    if follow_redirect?(response_env, response)
      raise(RedirectLimitReached, response) if follows.zero?
      new_request_env = update_env(response_env, request_body, response)
      response = perform_with_redirection(new_request_env, follows - 1)
    end
  end
  response
end

def safe_escape(uri)

risk double-escaping.
URI:HTTP using the `+` operator. Doesn't escape "%" characters so to not
component only or a fully-qualified URI so that it can be joined onto a
Internal: Escapes unsafe characters from a URL which might be a path

def safe_escape(uri)
  uri.to_s.gsub(URI_UNSAFE) do |match|
    "%#{match.unpack('H2' * match.bytesize).join('%').upcase}"
  end
end

def same_host?(original_url, redirect_url)

def same_host?(original_url, redirect_url)
  original_uri = Addressable::URI.parse(original_url)
  redirect_uri = Addressable::URI.parse(redirect_url)
  redirect_uri.host.nil? || original_uri.host == redirect_uri.host
end

def update_env(env, request_body, response)

def update_env(env, request_body, response)
  original_url = env[:url]
  env[:url] += safe_escape(response['location'])
  unless same_host?(original_url, env[:url])
    # HACK: Faraday’s Authorization middlewares don’t touch the request if the `Authorization` header is set.
    #       This is a workaround to drop authentication info.
    #       See https://github.com/octokit/octokit.rb/pull/1359#issuecomment-925609697
    env[:request_headers]['Authorization'] = 'dummy'
  end
  if convert_to_get?(response)
    env[:method] = :get
    env[:body] = nil
  else
    env[:body] = request_body
  end
  ENV_TO_CLEAR.each { |key| env.delete(key) }
  env
end

Namespace

Octokit::Middleware

Parent class

Octokit::Middleware::Faraday::Middleware

Instance Methods

Defined in

lib/octokit/middleware/follow_redirects.rb

Modules

Classes