lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

While working on a redirect implementation for LuaSec’s https request I ran into something I’m not sure how to resolve best.


The http redirects currently work across schemes; eg. http -> https and vice versa. Except that https -> http is not allowed by default, only by a specific setting, because this redirect is lowering security.


In that specific case, the current implementation returns nil + errormessage. Now I was wondering whether I should instead return an http error, because on the Lua code level this is basically a valid request. For example; return code, headers, status and body for a  “403 Forbidden” or “417 Expectation Failed” [1].


Any thoughts?




PS. I’m aware it’s not a Lua specific question, but I’m usually impressed by the amount of knowledge on this list, hence I ask it anyway