noahbackus/godot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
9cb9c28c3ca4118f7388e8913a94a2e07e624c0d
godot/scene
History
Dalton Lang 9cb9c28c3c Make HTTPRequest 301 and 302 Redirects Standards-Compliant 
The behavior of 301 and 302 redirects in the HTTPRequest node are not
standards-compliant. Specifically, requests using unsafe methods were not
being changed to GET and their headers were not being modified. This
means that we were automatically redirecting POST, PUT, etc. requests
with empty bodies and the same headers. This can pose a security risk if
the server expects 301/302 responses to get changed to GET or if the
user doesn't expect unsafe methods to be automatically redirected.

Per
[RFC9110](https://www.rfc-editor.org/rfc/rfc9110#name-redirection-3xx),
the correct behavior is to change the method to GET for 301 and 302
redirections and remove any content headers as well as those related to
security contexts like "Authorization: ".

I have made these changes, so now the 301 and 302 redirects should
change any unsafe methods to GET and remove any sensitive headers.

GET, HEAD, OPTIONS, and TRACE requests that receive a 301 or 302 are
automatically forwarded unchanged since those methods are safe.

Co-authored-by: Fabio Alessandrelli <fabio.alessandrelli@gmail.com>
2026-01-09 14:07:30 +01:00
..
2d
Remove unused private variables in godot/scene
2025-12-07 03:46:26 -08:00
3d
Merge pull request #113979 from rsanchezsaez/apple/xr-node-warnings
2026-01-09 10:46:33 +01:00
animation
Merge pull request #114487 from TokageItLab/fix-ad-start-animnode
2026-01-06 15:39:39 -06:00
audio
Remove display_server.h transitive include from node.h.
2025-10-14 00:43:02 +02:00
debugger
Make Godot compile with 3D physics disabled again.
2025-12-30 12:19:21 -06:00
gui
Add color theme for scroll hints
2026-01-08 14:10:55 -03:00
main
Make HTTPRequest 301 and 302 Redirects Standards-Compliant
2026-01-09 14:07:30 +01:00
resources
Merge pull request #114032 from syntaxerror247/editor-settings-reg
2026-01-07 01:41:36 +01:00
theme
Add color theme for scroll hints
2026-01-08 14:10:55 -03:00
property_list_helper.cpp
Allow to customize TabContainer tabs in editor
2025-11-22 00:28:59 +01:00
property_list_helper.h
Allow to customize TabContainer tabs in editor
2025-11-22 00:28:59 +01:00
property_utils.cpp
Remove transitive mesh.h, rendering_server.h and shader.h includes from node.h.
2025-10-08 12:16:52 +02:00
property_utils.h
register_scene_types.cpp
Add BoneTwistDisperser3D to propagate IK target's twist
2025-12-02 19:20:26 +09:00
register_scene_types.h
scene_string_names.h
[Window] Add unfiltered input handler signal for custom decorations.
2025-10-12 21:15:46 +03:00
SCsub