flywithu/android-library
1
0
Fork 0
mirror of https://github.com/owncloud/android-library.git synced 2025-06-18 13:26:29 +00:00
Code Issues Releases Wiki Activity

Fixed logic of HTTPS downgrade detection for multiple redirections, and grant that redirection if followed for HTTP servers

Browse Source
This commit is contained in:
David A. Velasco 2014-08-06 11:16:17 +02:00
parent 07f3d9caae
commit e43e43f51a
1 changed files with 20 additions and 19 deletions

39
src/com/owncloud/android/lib/resources/status/GetRemoteStatusOperation.java

@ -85,25 +85,26 @@ public class GetRemoteStatusOperation extends RemoteOperation {
get.getResponseHeaders() get.getResponseHeaders()
); );
if (baseUrlSt.startsWith("https://")) { String redirectedLocation = mLatestResult.getRedirectedLocation();
String redirectedLocation = mLatestResult.getRedirectedLocation(); while (redirectedLocation != null && redirectedLocation.length() > 0
while (redirectedLocation != null && redirectedLocation.length() > 0 && !mLatestResult.isSuccess()) {
&& !mLatestResult.isSuccess()) {
isRedirectToNonSecureConnection |= (
isRedirectToNonSecureConnection = redirectedLocation.startsWith("http://"); baseUrlSt.startsWith("https://") &&
get.releaseConnection(); redirectedLocation.startsWith("http://")
get = new GetMethod(redirectedLocation); );
status = client.executeMethod( get.releaseConnection();
get, TRY_CONNECTION_TIMEOUT, TRY_CONNECTION_TIMEOUT get = new GetMethod(redirectedLocation);
); status = client.executeMethod(
mLatestResult = new RemoteOperationResult( get, TRY_CONNECTION_TIMEOUT, TRY_CONNECTION_TIMEOUT
(status == HttpStatus.SC_OK), );
status, mLatestResult = new RemoteOperationResult(
get.getResponseHeaders() (status == HttpStatus.SC_OK),
); status,
redirectedLocation = mLatestResult.getRedirectedLocation(); get.getResponseHeaders()
} );
} redirectedLocation = mLatestResult.getRedirectedLocation();
}
String response = get.getResponseBodyAsString(); String response = get.getResponseBodyAsString();
if (status == HttpStatus.SC_OK) { if (status == HttpStatus.SC_OK) {