Add handling for non-idempotent methods in redirect handler

ShocOne · ShocOne · commit 49ec25101e89 · 2024-04-01T01:15:47.000+01:00
diff --git a/redirecthandler/redirecthandler.go b/redirecthandler/redirecthandler.go
@@ -49,6 +49,13 @@ func (r *RedirectHandler) WithRedirectHandling(client *http.Client) {
 func (r *RedirectHandler) checkRedirect(req *http.Request, via []*http.Request) error {
 	defer r.clearRedirectHistory(req) // Ensure redirect history is always cleared to prevent memory leaks
 
+	// Non-idempotent methods handling
+	if req.Method == http.MethodPost || req.Method == http.MethodPatch {
+		r.Logger.Warn("Redirect attempted on non-idempotent method, not following", zap.String("method", req.Method))
+		// Stop redirection and return the response as is
+		return http.ErrUseLastResponse
+	}
+
 	// Check for cached permanent redirect
 	if urlString, ok := r.checkPermanentRedirect(req.URL.String()); ok && (req.Method == http.MethodGet || req.Method == http.MethodHead) {
 		parsedURL, err := url.Parse(urlString)
@@ -111,6 +118,13 @@ func (r *RedirectHandler) checkRedirect(req *http.Request, via []*http.Request)
 		return nil
 	}
 
+	// Clear redirect history if redirect is successful
+	if len(via) > 0 && lastResponse.StatusCode >= 200 && lastResponse.StatusCode < 400 {
+		// Clear history for the redirected request
+		redirectedReq := via[len(via)-1]
+		r.clearRedirectHistory(redirectedReq)
+	}
+
 	return http.ErrUseLastResponse // No further action required if not a redirect status code
 }
 
@@ -193,3 +207,11 @@ func (r *RedirectHandler) clearRedirectHistory(req *http.Request) {
 	delete(r.RedirectHistories, req)
 	r.VisitedURLsMutex.Unlock()
 }
+
+// GetRedirectHistory returns the redirect history for a given request.
+func (r *RedirectHandler) GetRedirectHistory(req *http.Request) []*url.URL {
+	r.VisitedURLsMutex.RLock()
+	defer r.VisitedURLsMutex.RUnlock()
+
+	return r.RedirectHistories[req]
+}
