Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPA-01-006: http.send follows redirects by default #921

Closed
tsandall opened this issue Aug 30, 2018 · 0 comments
Closed

OPA-01-006: http.send follows redirects by default #921

tsandall opened this issue Aug 30, 2018 · 0 comments
Assignees
@ashutosh-narkar

Comments

@tsandall
Copy link
Member

The http.send built-in function follows redirects by default which policy authors may not expect, thus leading to unexpected policy evaluation results (especially if the http.send inputs are constructed based on query inputs.)

We should make http.send disable redirects by default and expose an option to allow policy authors to explicitly enable them.
@ashutosh-narkar ashutosh-narkar mentioned this issue Sep 4, 2018
Merged
ashutosh-narkar added a commit to ashutosh-narkar/opa that referenced this issue Sep 4, 2018
@ashutosh-narkar
Add option to enable http redirects.
c776b9d 
Fixes open-policy-agent#921

Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar added a commit that referenced this issue Sep 4, 2018
@ashutosh-narkar
Add option to enable http redirects. (#925)
51d5d11 
Fixes #921

Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ashutosh-narkar ashutosh-narkar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tsandall @ashutosh-narkar