Instantly share code, notes, and snippets.

Embed
What would you like to do?
Demonstrating that Ruby sends invalid HTTPS requests unless use_ssl is explicitly set
require 'net/https'
# Returns {"errors":[{"message":"Bad Authentication data","code":215}]}
# Issues a HTTPS request to: GET https://api.twitter.com/1.1/users/show.json?user_id=33978
# Prints: Explicit SSL: #<Net::HTTPBadRequest:0x10b65f188>
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
request = Net::HTTP::Get.new(uri.request_uri)
begin
response = http.request(request)
puts "Explicit SSL: #{response}"
rescue EOFError => err
puts "No explicit SSL (EOFError): #{err}"
end
# Throws EOFError
# Issues a HTTP request to: GET http://api.twitter.com:443/1.1/users/show.json?user_id=33978
# Prints: No explicit SSL (EOFError): end of file reached
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
begin
response = http.request(request)
puts "No explicit SSL: #{response}"
rescue EOFError => err
puts "No explicit SSL (EOFError): #{err}"
end
# Throws EOFError
# Issues a HTTP request to: GET http://api.twitter.com:443/1.1/users/show.json?user_id=33978
# Prints: Blank accept-encoding: (EOFError): end of file reached
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
request["accept-encoding"] = ""
begin
response = http.request(request)
puts "Blank accept-encoding: #{response}"
rescue EOFError => err
puts "Blank accept-encoding: (EOFError): #{err}"
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment