h2non/gentleman

Enhance redirect plugin to allow for trusted hosts

caseyhadden opened this issue · 2 comments

We're using the gentleman client to make calls to 1st party services that can result in redirects. Initially, we were using the 'Trusted' field of the plugin to ensure that any headers were forwarded. For security purposes, we wanted to add a capability and limit header forwarding to only our 1st party services so any potential redirection to a 3rd party service wouldn't end up exposing sensitive information. In order to accomplish this, we created a fork of the redirect plugin that includes a field for a list of trusted host suffixes before doing the header copying.

It would be great to have that feature as part of the upstream gentleman, and I'd be happy to put together a PR for it if there is interest. But I wanted to open an issue and check on feasibility before just dropping a PR on your doorstep.

Thanks!

h2non commented

PRs are welcome!

It looks like this issue can be closed due to #56 being merged.