 |
lua-l archive |
|
|
||
|
|
While working on a redirect implementation for LuaSec’s https request I ran into something I’m not sure how to resolve best. The http redirects currently work across schemes; eg. http -> https and vice versa. Except that https -> http is not allowed by default, only by a specific setting, because this redirect is lowering security. In that specific case, the current implementation returns nil + errormessage. Now I was wondering whether I should instead return an http error, because on the Lua code level this is basically a valid request. For example;
return code, headers, status and body for a “403 Forbidden” or “417 Expectation Failed” [1]. Any thoughts? Thijs PS. I’m aware it’s not a Lua specific question, but I’m usually impressed by the amount of knowledge on this list, hence I ask it anyway |