Sara/behaviour-tree-test
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions
behaviour-tree-test/scene/main
History
Dalton Lang 9cb9c28c3c
Make HTTPRequest 301 and 302 Redirects Standards-Compliant 
The behavior of 301 and 302 redirects in the HTTPRequest node are not
standards-compliant. Specifically, requests using unsafe methods were not
being changed to GET and their headers were not being modified. This
means that we were automatically redirecting POST, PUT, etc. requests
with empty bodies and the same headers. This can pose a security risk if
the server expects 301/302 responses to get changed to GET or if the
user doesn't expect unsafe methods to be automatically redirected.

Per
[RFC9110](https://www.rfc-editor.org/rfc/rfc9110#name-redirection-3xx),
the correct behavior is to change the method to GET for 301 and 302
redirections and remove any content headers as well as those related to
security contexts like "Authorization: ".

I have made these changes, so now the 301 and 302 redirects should
change any unsafe methods to GET and remove any sensitive headers.

GET, HEAD, OPTIONS, and TRACE requests that receive a 301 or 302 are
automatically forwarded unchanged since those methods are safe.

Co-authored-by: Fabio Alessandrelli <fabio.alessandrelli@gmail.com>
2026-01-09 14:07:30 +01:00
..
canvas_item.compat.inc Replace global oversampling with overrideable per-viewport oversampling. 2025-04-14 13:43:09 +03:00
canvas_item.cpp Use RequiredParam/RequiredResult in some high value places 2025-12-02 10:44:12 -06:00
canvas_item.h Synchronize the names for RequiredParam<T> arguments in header files 2025-12-03 04:14:52 -06:00
canvas_layer.cpp Rename server "free" functions to "free_rid" to match exposed API 2025-09-30 16:52:25 -07:00
canvas_layer.h Add feature hint string and "On" text for checkable groups 2025-05-21 14:56:55 -07:00
http_request.cpp Make HTTPRequest 301 and 302 Redirects Standards-Compliant 2026-01-09 14:07:30 +01:00
http_request.h Make HTTPRequest 301 and 302 Redirects Standards-Compliant 2026-01-09 14:07:30 +01:00
instance_placeholder.cpp Improve use of Ref.is_null/valid 2024-12-23 16:35:02 -05:00
instance_placeholder.h Style: Replace header guards with #pragma once 2025-03-07 17:33:47 -06:00
missing_node.cpp Add recording_signals to MissingNode 2025-10-09 22:08:59 +02:00
missing_node.h Add recording_signals to MissingNode 2025-10-09 22:08:59 +02:00
multiplayer_api.cpp Remove unused headers in scene. 2024-12-24 00:40:09 +08:00
multiplayer_api.h Remove empty constructors and destructors from scene/ 2025-05-06 14:46:54 +02:00
multiplayer_peer.cpp Fix false positive warning with FixedVector array bounds in gcc. 2025-10-17 13:11:33 +02:00
multiplayer_peer.h Remove empty constructors and destructors from scene/ 2025-05-06 14:46:54 +02:00
node.compat.inc Expose get_rpc_config and get_node_rpc_config 2025-05-27 00:43:21 +02:00
node.cpp Unmark Node::is_editable_instance() parameter as required 2025-12-03 08:34:04 -06:00
node.h Unmark Node::is_editable_instance() parameter as required 2025-12-03 08:34:04 -06:00
resource_preloader.cpp Skip copying values constructed immediately before returning 2025-09-26 19:13:58 -07:00
resource_preloader.h Style: Replace header guards with #pragma once 2025-03-07 17:33:47 -06:00
scene_tree.cpp Use RequiredParam/RequiredResult in some high value places 2025-12-02 10:44:12 -06:00
scene_tree.h Add missing cstdlib include for EXIT_SUCCESS and free 2025-12-16 11:02:07 +01:00
scene_tree_fti.cpp FTI - Fix SceneTreeFTI depth limit behaviour 2025-10-09 10:56:01 +01:00
scene_tree_fti.h FTI - Fix SceneTreeFTI depth limit behaviour 2025-10-09 10:56:01 +01:00
scene_tree_fti_tests.cpp FTI - Optimize SceneTree traversal 2025-05-24 17:38:33 +01:00
scene_tree_fti_tests.h FTI - Optimize SceneTree traversal 2025-05-24 17:38:33 +01:00
SCsub
shader_globals_override.cpp Merge pull request #108507 from dementive/optimize-scene-tree-groups 2025-11-14 14:22:57 -06:00
shader_globals_override.h Remove empty constructors and destructors from scene/ 2025-05-06 14:46:54 +02:00
status_indicator.cpp
status_indicator.h Move server files into their subfolders 2025-09-30 19:39:39 -07:00
timer.cpp Remove display_server.h transitive include from node.h. 2025-10-14 00:43:02 +02:00
timer.h Remove empty constructors and destructors from scene/ 2025-05-06 14:46:54 +02:00
viewport.cpp Add non-public {Line,Text}Edit::_set_text() 2026-01-01 12:00:52 +01:00
viewport.h Add non-public {Line,Text}Edit::_set_text() 2026-01-01 12:00:52 +01:00
window.cpp [Accessibility] Force keyboard focus to the exclusive child. 2026-01-08 08:32:57 +02:00
window.h Add non-public {Line,Text}Edit::_set_text() 2026-01-01 12:00:52 +01:00