OkHttp: Do you guys think that you know better than me what I want?

Created on 7 Apr 2017 · 2 Comments · Source: square/okhttp

Do you guys think that you know better than me what I want? Why did you do all these f*king "security" checks without the ability to make "unsafe" HTTP operations?

Here's what I mean:

REF: https://github.com/square/okhttp/blob/master/okhttp/src/main/java/okhttp3/HttpUrl.java

  1. "By canonicalizing the input paths, they are complicit in directory traversal attacks."

It's a client, not a server! Why can't I send a path-traversal request for testing purposes?

  2. "Each component must be encoded before it is embedded in the complete URL."

Some security tests should be sent in unencoded URL form. But you guys say: "No, people don't need it, we know". How do you know this?

And Google decides, why don't we use OkHttp as the underlying level of HttpURLConnection. Neither you nor Google give developers an alternative. It's pretty sad when you have to look for an alternative for such a common component.

All 2 comments

@JakeWharton I would have responded with:

dancing happy cuac
