The documentation states that the Ktor Client follows redirects by default: <https://ktor.io/docs/ht...

ribesg

01/10/2024, 9:39 AM

The documentation states that the Ktor Client follows redirects by default: https://ktor.io/docs/http-redirect.html But on receiving HTTP 307 status code from my API I get

io.ktor.client.plugins.RedirectResponseException: Unhandled redirect

. So which is supposed to be right? What am I supposed to do if

followRedirects

is already true?

e5l

01/10/2024, 9:41 AM

Hey, @ribesg. Could you enable log level trace? It should log why the redirect doesn't work

e5l

01/10/2024, 9:43 AM

It may be because of the security downgrade. In this case, you can explicitly install

HttpRedirect

plugin setting

allowHttpsDowngrade

flag: https://api.ktor.io/ktor-client/ktor-client-core/io.ktor.client.plugins/-http-redi[…]https-downgrade.html?query=var%20allowHttpsDowngrade:%20Boolean

ribesg

01/10/2024, 9:46 AM

Actually I think it's the method. 307 and 308 are used instead of 301 and 302 when we want to ask the client to replay the exact same request to a different URL, and here it's a POST request to a /v1/* endpoint that redirects to /v2/* (I mean, it's actually a very old unversionned endpoint. redirecting to the versioned one, but you get it). I'll try with

checkHttpMethod = false

. Both of these configuration values should be part of the documentation though

👍 1

ribesg

01/10/2024, 9:57 AM

Is the security concern with

checkHttpMethod

that the response could have been altered to redirect to a different URL? Maybe a way to allow redirects for "dangerous" methods only if the host matches would be nice. Unless there is a security concern even when redirecting to the same host that I'm not aware of

326 Views

Open in Slack

Previous Next

kotlinlang

A modern programming language that makes developers happier.