While working on a redirect implementation for LuaSec’s https request I ran into something I’m not sure how to resolve best.
The http redirects currently work across schemes; eg. http -> https and vice versa. Except that https -> http is not allowed by default, only by a specific setting, because this redirect is lowering security.
In that specific case, the current implementation returns nil + errormessage. Now I was wondering whether I should instead return an http error, because on the Lua code level this is basically a valid request. For example; return code, headers, status and body for a “403 Forbidden” or “417 Expectation Failed” .
PS. I’m aware it’s not a Lua specific question, but I’m usually impressed by the amount of knowledge on this list, hence I ask it anyway