fix #1919: PROPFIND request should not redirect to GET request

2026-01-17 08:42:25 +03:00 · 2015-12-09 09:22:18 +01:00
parent e7b55fd6fe
commit 2d73da131d
3 changed files with 34 additions and 3 deletions
--- a/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java
+++ b/okhttp-tests/src/test/java/com/squareup/okhttp/CallTest.java
@@ -1377,6 +1377,27 @@ public final class CallTest {
    assertEquals("GET /page2 HTTP/1.1", page2.getRequestLine());
  }

+  @Test public void propfindRedirectsToPropfind() throws Exception {
+    server.enqueue(new MockResponse()
+        .setResponseCode(HttpURLConnection.HTTP_MOVED_TEMP)
+        .addHeader("Location: /page2")
+        .setBody("This page has moved!"));
+    server.enqueue(new MockResponse().setBody("Page 2"));
+
+    Response response = client.newCall(new Request.Builder()
+        .url(server.url("/page1"))
+        .method("PROPFIND", RequestBody.create(MediaType.parse("text/plain"), "Request Body"))
+        .build()).execute();
+    assertEquals("Page 2", response.body().string());
+
+    RecordedRequest page1 = server.takeRequest();
+    assertEquals("PROPFIND /page1 HTTP/1.1", page1.getRequestLine());
+    assertEquals("Request Body", page1.getBody().readUtf8());
+
+    RecordedRequest page2 = server.takeRequest();
+    assertEquals("PROPFIND /page2 HTTP/1.1", page2.getRequestLine());
+  }
+
  @Test public void redirectsDoNotIncludeTooManyCookies() throws Exception {
    server2.enqueue(new MockResponse().setBody("Page 2"));
    server.enqueue(new MockResponse()
--- a/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpEngine.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpEngine.java
@@ -897,6 +897,7 @@ public final class HttpEngine {
        : client.getProxy();
    int responseCode = userResponse.code();

+    final String method = userRequest.method();
    switch (responseCode) {
      case HTTP_PROXY_AUTH:
        if (selectedProxy.type() != Proxy.Type.HTTP) {
@@ -910,7 +911,7 @@ public final class HttpEngine {
      case HTTP_TEMP_REDIRECT:
        // "If the 307 or 308 status code is received in response to a request other than GET
        // or HEAD, the user agent MUST NOT automatically redirect the request"
-        if (!userRequest.method().equals("GET") && !userRequest.method().equals("HEAD")) {
+        if (!method.equals("GET") && !method.equals("HEAD")) {
            return null;
        }
        // fall-through
@@ -934,8 +935,12 @@ public final class HttpEngine {

        // Redirects don't include a request body.
        Request.Builder requestBuilder = userRequest.newBuilder();
-        if (HttpMethod.permitsRequestBody(userRequest.method())) {
-          requestBuilder.method("GET", null);
+        if (HttpMethod.permitsRequestBody(method)) {
+          if (HttpMethod.redirectsToGet(method)) {
+            requestBuilder.method("GET", null);
+          } else {
+            requestBuilder.method(method, null);
+          }
          requestBuilder.removeHeader("Transfer-Encoding");
          requestBuilder.removeHeader("Content-Length");
          requestBuilder.removeHeader("Content-Type");
--- a/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpMethod.java
+++ b/okhttp/src/main/java/com/squareup/okhttp/internal/http/HttpMethod.java
@@ -41,6 +41,11 @@ public final class HttpMethod {
        || method.equals("LOCK");     // (WebDAV) body: create lock, without body: refresh lock
  }

+  public static boolean redirectsToGet(String method) {
+    // All requests but PROPFIND should redirect to a GET request.
+    return !method.equals("PROPFIND");
+  }
+
  private HttpMethod() {
  }
 }