
HttpClient doesn't redirect even when AllowAutoRedirect = true

I'm trying to parse a wikispaces page but I'm not able to get the actual page. I'm not sure if it's an HttpClient bug or some missing configuration.

This is my code:

HttpClientHandler handler = new HttpClientHandler();
handler.AllowAutoRedirect = true;
_httpClient = new HttpClient(handler);

HttpResponseMessage response = await _httpClient
    .GetAsync("http://medivia.wikispaces.com/Monsters");

When I run that code I get the StatusCode 302 and get sent to https://session.wikispaces.com/1/auth/auth?authToken=token. I expect the HttpClient to follow a 302 because I have AllowAutoRedirect = true.

This is the first time I've encountered this problem. It works fine with Postman and RestClient which is part of RestSharp.

Diego asked Feb 23 '17 00:02



1 Answer

The reason the HttpClient isn't redirecting properly is because the site is redirecting you to HTTPS and then back to HTTP. A quick fix is to GET https://medivia.wikispaces.com/Monsters instead, which is a better idea anyhow:

HttpResponseMessage response = await _httpClient.GetAsync("https://medivia.wikispaces.com/Monsters");
// Works fine! :)

I was curious why it didn't work the first way, so I dug a little deeper. If you watch the network trace in a browser or a network client, this is what happens:

GET http://medivia.wikispaces.com/Monsters
302 https://session.wikispaces.com/1/auth/auth?authToken=token
302 http://medivia.wikispaces.com/Monsters?redirectToken=token

That 302 from an encrypted (HTTPS) connection to an unencrypted one is causing the HttpClientHandler to stop automatically following. From what I can tell, this is a security quirk of the Windows implementation of HttpClientHandler, because the Unix one didn't seem to care about the HTTPS->HTTP redirect in my informal testing.

Nate Barbettini answered Oct 19 '22 05:10
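
Where the HTTPS-to-HTTP hop in the trace above cannot be avoided, one option is to turn off automatic redirects and follow them under an explicit policy instead. This is an added example, not code from the question or the answer; the `RedirectFollower` class, its method names, the hop limit and the allow-listed host are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

static class RedirectFollower
{
    // Assumption: hosts for which the caller accepts an HTTPS -> HTTP downgrade.
    static readonly HashSet<string> DowngradeAllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "medivia.wikispaces.com" };

    // Policy check, kept free of I/O so it can be tested without a network.
    public static bool MayFollow(Uri from, Uri to)
    {
        if (to.Scheme != Uri.UriSchemeHttp && to.Scheme != Uri.UriSchemeHttps) return false;
        bool downgrade = from.Scheme == Uri.UriSchemeHttps && to.Scheme == Uri.UriSchemeHttp;
        return !downgrade || DowngradeAllowedHosts.Contains(to.Host);
    }

    // The client must use a handler with AllowAutoRedirect = false, so every 3xx reaches this loop.
    public static async Task<HttpResponseMessage> GetFollowingAsync(HttpClient client, Uri url, int maxHops = 5)
    {
        for (int hop = 0; hop <= maxHops; hop++)
        {
            HttpResponseMessage response = await client.GetAsync(url);
            int status = (int)response.StatusCode;
            if (status < 300 || status > 399 || response.Headers.Location == null)
                return response;
            // Location may be relative; resolve it against the URL just requested.
            Uri next = new Uri(url, response.Headers.Location);
            if (!MayFollow(url, next)) return response; // hand the 3xx back to the caller
            response.Dispose();
            url = next;
        }
        throw new HttpRequestException("Too many redirects");
    }

    static void Main()
    {
        // The redirect chain from the answer's network trace, checked offline.
        var chain = new[] {
            "http://medivia.wikispaces.com/Monsters",
            "https://session.wikispaces.com/1/auth/auth?authToken=token",
            "http://medivia.wikispaces.com/Monsters?redirectToken=token" };
        for (int i = 1; i < chain.Length; i++)
            Console.WriteLine($"{chain[i]} follow={MayFollow(new Uri(chain[i - 1]), new Uri(chain[i]))}");
    }
}
```

Removing the host from `DowngradeAllowedHosts` makes the loop return the second 302 to the caller rather than sending the redirect token over plain HTTP.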