Sponge: bring in monkeypatch to override SSL hostname
We force a connection to a pre-resolved IP to avoid being tricked into connecting to a local host, but hosts that use SNI need the hostname in the SSL negotiation instead of an IP. Fixes the problem with CloudFlare blocking requests to medium.com, which prevented the URL canonicalization code from being run when a medium URL was submitted, which prevented us from stripping off those stupid referral codes medium attaches to URLs (which could be stripped out in Story#url= but medium allows custom domains, so that wouldn't work for things like m.signalvnoise.com). Code from Pushover.
parent 0ec9c3a2ac
commit 09a92040ed
|
@ -3,6 +3,34 @@ require "net/https"
|
|||
require "resolv"
|
||||
require "ipaddr"
|
||||
|
||||
module Net
|
||||
class HTTP
|
||||
attr_accessor :address, :custom_conn_address, :skip_close
|
||||
|
||||
def start # :yield: http
|
||||
if block_given? && !skip_close
|
||||
begin
|
||||
do_start
|
||||
return yield(self)
|
||||
ensure
|
||||
do_finish
|
||||
end
|
||||
end
|
||||
do_start
|
||||
self
|
||||
end
|
||||
|
||||
private
|
||||
def conn_address
|
||||
if self.custom_conn_address.to_s != ""
|
||||
self.custom_conn_address
|
||||
else
|
||||
address
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
class Sponge
|
||||
MAX_TIME = 60
|
||||
MAX_DNS_TIME = 5
|
||||
|
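Review bot: in `start`, a caller that sets `skip_close` and passes a block never has the block run, because the `block_given? && !skip_close` branch is skipped and the method falls through to `do_start` and returns `self`. Either yield the block in that case without the `ensure do_finish`, or document that `skip_close` callers must not pass a block. Separately, `attr_accessor :address` and the private `conn_address` override reopen `Net::HTTP` for every user in the process, not only Sponge, and both `start` and `conn_address` are library internals; a comment naming the Ruby versions this was checked against would make future breakage easier to diagnose.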
@ -121,6 +149,8 @@ class Sponge
|
|||
|
||||
if uri.scheme == "https"
|
||||
host.use_ssl = true
|
||||
host.address = uri.host
|
||||
host.custom_conn_address = ip.to_s
|
||||
host.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||||
end
|
||||
|
||||
|
|
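Review bot: the context line `host.verify_mode = OpenSSL::SSL::VERIFY_NONE` directly after the two new assignments means the hostname now placed in `host.address` is sent for SNI but the peer certificate is never checked against it. The pre-resolved `ip` in `custom_conn_address` limits where the socket goes, but it does not authenticate who answers. Since `address` is `uri.host` again, consider switching to `OpenSSL::SSL::VERIFY_PEER` in this same change, or add a comment explaining why verification stays off. The two assignments also sit only inside the `uri.scheme == "https"` branch, so it is worth confirming in review that the plain-HTTP path still connects to the pre-resolved address.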