From a24a97564a101f19d354c51762e626c12d98c464 Mon Sep 17 00:00:00 2001
From: Chengmo <cmchengmo@163.com>
Date: Fri, 18 Oct 2024 11:29:59 +0800
Subject: [PATCH] Fix Python SSRF ISSUE (#534)

* update

* fix
---
 appbuilder/core/_session.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/appbuilder/core/_session.py b/appbuilder/core/_session.py
index be3877e0d..43487cad6 100644
--- a/appbuilder/core/_session.py
+++ b/appbuilder/core/_session.py
@@ -59,16 +59,16 @@ def send(self, request, **kwargs):
 
     @session_post
     def post(self, url, data=None, json=None, **kwargs):
-        return super().post(url=url, data=data, json=json, **kwargs)
+        return super().post(url=url, data=data, json=json, allow_redirects=False, **kwargs)
 
     @session_post
     def delete(self, url, **kwargs):
-        return super().delete(url=url, **kwargs)
+        return super().delete(url=url, allow_redirects=False, **kwargs)
 
     @session_post
     def get(self, url, **kwargs):
-        return super().get(url=url, **kwargs)
+        return super().get(url=url, allow_redirects=False, **kwargs)
 
     @session_post
     def put(self, url, data=None, **kwargs):
-        return super().put(url=url, data=data, **kwargs)
+        return super().put(url=url, data=data, allow_redirects=False, **kwargs)