Fix 403 forbidden error when following redirect #229
fezster wants to merge 1 commit into nylonee:main from
📝 Walkthrough
The pull request optimizes the Docker build process with a multi-stage build pattern that improves caching efficiency and updates the runtime base image from OpenJDK to Eclipse Temurin, while also removing the Host header from HTTP client requests.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~8 minutes
🚥 Pre-merge checks | ✅ Passed checks (3 passed)
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@src/main/scala/http/HttpClient.scala`:
- Around line 23-26: The current FollowRedirect usage sets sensitiveHeaderFilter
= _ => true which forwards all sensitive headers to every redirect; update the
filter used in FollowRedirect (the call that constructs
FollowRedirect[IO](maxRedirects = 10, sensitiveHeaderFilter = ...)(c)) to only
allow sensitive headers for same-origin redirects or a trusted-host whitelist:
implement a predicate that compares the original request URI host (and
scheme/port if needed) against the redirect target host and returns true only
when they match (or when the redirect host is in a configured trustedDomains
set), and pass that predicate as sensitiveHeaderFilter so
Authorization/Cookie/X-Api-Key/X-Plex-Token are not sent to cross-origin
redirects.
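
The same-origin rule from the review comment above, combined with this PR's Host-header change, as an added example that is not part of the pull request or the project's code. It is library-independent Python rather than http4s; `headers_for_redirect`, `trusted_hosts`, the HTTPS-downgrade guard and the sample values are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Header names the review comment lists as sensitive (lower-cased for comparison).
SENSITIVE = frozenset({"authorization", "cookie", "x-api-key", "x-plex-token"})
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample request headers (placeholder values, not from the project).
SAMPLE_HEADERS = {"Host": "api.example.test", "X-Api-Key": "PLACEHOLDER",
                  "Accept": "application/json"}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(request_url, location, headers, trusted_hosts=frozenset()):
    """Return (target_url, headers) for the follow-up request of a redirect.

    Host is never copied, so the HTTP client derives it from the new target.
    Sensitive headers survive only when the target is same-origin, or when its
    host is in trusted_hosts (hypothetical allowlist) and HTTPS is not downgraded.
    """
    target = urljoin(request_url, location)  # Location may be relative
    src, dst = origin(request_url), origin(target)
    downgrade = src[0] == "https" and dst[0] != "https"
    keep_sensitive = src == dst or (dst[1] in trusted_hosts and not downgrade)
    forwarded = {}
    for name, value in headers.items():
        lowered = name.lower()
        if lowered == "host":
            continue  # a stale Host for the old server is what gets rejected
        if lowered in SENSITIVE and not keep_sensitive:
            continue  # do not leak credentials to another origin
        forwarded[name] = value
    return target, forwarded


if __name__ == "__main__":
    for loc in ("/v2/items", "https://cdn.example.net/items"):
        print(headers_for_redirect("https://api.example.test/items", loc, SAMPLE_HEADERS))
```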
Remove Host header which is rejected when redirect followed. Instead, let http4s set the Host header
Description
Fix 403 forbidden error when following redirect.
Remove Host header which is rejected when redirect followed. Instead, let http4s set the Host header
Checklist
- Run `sbt scalafmtAll` (and optionally `sbt scalafmtSbt`)

Summary by CodeRabbit
Release Notes