luasocket icon indicating copy to clipboard operation
luasocket copied to clipboard

Published 20 hours ago verified publisher icon lunarmodules

limited url redirections

Open Nomarian opened this issue 2 years ago • 2 comments

proposal to change behavior of http.request{redirect=bool} to integer. behavior should mimic curls --max-time

Nomarian avatar Mar 12 '22 06:03 Nomarian

Why should the API mimic curl?

This would be a major change to the current API and there would have to be some significant benefit for it to be considered.

alerque avatar Mar 19 '22 17:03 alerque

It seems like a security vulnerability, I have not looked at the code, but an infinite redirect could happen.

Looking at the code, it seems there's a max redirect limit of 5. having control of this variable would be nice. but that eases my worries.

Nomarian avatar Mar 19 '22 21:03 Nomarian