Refuse to send authenticated traffic to an http:// base URL. The instance URL is normally validated by ``validate_instance_url`` at ``auth login`` time, which already rejects non-HTTPS schemes outside of loopback. This guard catches the residual cases — a manually edited config or a
(base_url: str)
| 88 | |
| 89 | |
| 90 | def _assert_base_url_https(base_url: str) -> None: |
| 91 | """Refuse to send authenticated traffic to an http:// base URL. |
| 92 | |
| 93 | The instance URL is normally validated by ``validate_instance_url`` at |
| 94 | ``auth login`` time, which already rejects non-HTTPS schemes outside |
| 95 | of loopback. This guard catches the residual cases — a manually |
| 96 | edited config or a non-loopback http base that slipped through — so |
| 97 | the API token can't be sent in cleartext before the response-side |
| 98 | redirect check has anything to inspect. |
| 99 | |
| 100 | The same ``GITGUARDIAN_ALLOW_INSECURE_LOOPBACK=1`` bypass used by |
| 101 | ``assert_all_https`` applies here, so local dev against |
| 102 | ``http://localhost:3000`` keeps working. |
| 103 | """ |
| 104 | if base_url.startswith("https://"): |
| 105 | return |
| 106 | if is_insecure_loopback_allowed() and is_loopback(base_url): |
| 107 | return |
| 108 | raise PluginAPIError( |
| 109 | f"Refusing to send authenticated request to non-HTTPS base URL {base_url!r}" |
| 110 | ) |
| 111 | |
| 112 | |
| 113 | class PluginSourceType(Enum): |