services: forbid insecure Oracle request redirects
AnnaShaleva committed May 11, 2022
1 parent 2b79a16 commit b92e66d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/services/oracle/network.go
Expand Up @@ -90,6 +90,10 @@ func getDefaultClient(cfg config.OracleConfiguration) *http.Client {
if len(via) > maxRedirections { // from https://github.com/neo-project/neo-modules/pull/698
return fmt.Errorf("%w: %d redirections are reached", ErrRestrictedRedirect, maxRedirections)
}
if len(via) > 0 && via[0].URL.Scheme == "https" && req.URL.Scheme != "https" {
lastHop := via[len(via)-1].URL
return fmt.Errorf("%w: redirected from secure URL %s to insecure URL %s", ErrRestrictedRedirect, lastHop, req.URL)
}
return nil
}
return &client
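Review bot: The new error in the downgrade branch formats `lastHop` and `req.URL` in full, so any userinfo or query-string token in the original request, or in the server-chosen redirect target, is copied into the error text. Where that error ends up (logs, an Oracle response) is not visible in this hunk, so this is a precaution: `url.URL.Redacted()` masks only the password, so logging just scheme and host is safer, e.g. `fmt.Errorf("%w: redirected from secure host %s to insecure %s://%s", ErrRestrictedRedirect, lastHop.Host, req.URL.Scheme, req.URL.Host)`. The condition tests `via[0]` while the message reports the last hop; that is sound only because every hop passes through this callback, which deserves a comment such as `// via[0] is the original request; once it is https every later hop must stay https`. The commit touches only this file, so a test that serves an https-to-http redirect and asserts `ErrRestrictedRedirect` would pin the behaviour. The enclosing `getDefaultClient` body starts outside the hunk.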
