checker: judge HTTPS redirect by chain, not FinalURL
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
The probe stops at scheme-changing redirects, so FinalURL keeps the pre-redirect http:// URL while the chain records the real https:// target. Prefer the last redirect hop's destination so a correct http→https redirect is no longer mis-flagged as no_https_redirect.
This commit is contained in:
parent
93b0292109
commit
f4b8941a3d
2 changed files with 22 additions and 1 deletions
|
|
@ -38,8 +38,13 @@ func (r *httpsRedirectRule) Evaluate(ctx context.Context, obs sdk.ObservationGet
|
|||
// simply not running is fine for redirect-purposes.
|
||||
return
|
||||
}
|
||||
// Prefer the last redirect hop's destination over FinalURL. When the
|
||||
// probe stops at a scheme-changing redirect (http→https), it does not
|
||||
// follow the hop, so FinalURL stays the pre-redirect http:// URL while
|
||||
// the chain records the real https:// target. Judging by FinalURL alone
|
||||
// would mis-flag a correct http→https redirect as no_https_redirect.
|
||||
final := p.FinalURL
|
||||
if final == "" && len(p.RedirectChain) > 0 {
|
||||
if len(p.RedirectChain) > 0 {
|
||||
final = p.RedirectChain[len(p.RedirectChain)-1].To
|
||||
}
|
||||
isHTTPS := false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue