From 6128aa55de304b6b5f1ed482ed3deb1d224cf622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Morten=20B=C3=B8gh?= <morten@justabeech.com>
Date: Sat, 27 Feb 2021 20:32:09 +0100
Subject: [PATCH] [SecurityHeaders] Added a possibility for no follow redirects
 (#6212)

* Added a possibility for no follow redirects

* Changed from noFollowRedirects to ignoreRedirects

* Update services/security-headers/security-headers.service.js

Co-authored-by: chris48s <chris48s@users.noreply.github.com>

* correct test color

Co-authored-by: chris48s <chris48s@users.noreply.github.com>
Co-authored-by: Caleb Cartwright <calebcartwright@users.noreply.github.com>
Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
---
 .../security-headers/security-headers.service.js  | 15 +++++++++++++--
 .../security-headers/security-headers.tester.js   |  6 +++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/services/security-headers/security-headers.service.js b/services/security-headers/security-headers.service.js
index 4deb2abe1c..2816da7adf 100644
--- a/services/security-headers/security-headers.service.js
+++ b/services/security-headers/security-headers.service.js
@@ -6,6 +6,7 @@ const { BaseService, NotFound } = require('..')
 
 const queryParamSchema = Joi.object({
   url: optionalUrl.required(),
+  ignoreRedirects: Joi.equal(''),
 }).required()
 
 const documentation = `
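Review bot: The new schema entry `ignoreRedirects: Joi.equal('')` has no comment explaining that it is a presence flag, so a request such as `?ignoreRedirects=true` or `?ignoreRedirects=1` is rejected rather than treated as "on". That looks intentional, since the handler later only tests for `!== undefined`, but it is not obvious to a reader. I would add a comment above the key, for example `// presence flag: only a bare ?ignoreRedirects (empty value) is accepted`. Whether the `documentation` template that begins on the last line of this hunk mentions the flag is not visible here.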
@@ -38,6 +39,15 @@ module.exports = class SecurityHeaders extends BaseService {
       }),
       documentation,
     },
+    {
+      title: "Security Headers (Don't follow redirects)",
+      namedParams: {},
+      queryParams: { url: 'https://www.shields.io', ignoreRedirects: null },
+      staticPreview: this.render({
+        grade: 'R',
+      }),
+      documentation,
+    },
   ]
 
   static defaultBadgeData = {
@@ -53,6 +63,7 @@ module.exports = class SecurityHeaders extends BaseService {
       D: 'orange',
       E: 'orange',
       F: 'red',
+      R: 'blue',
     }
 
     return {
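Review bot: The added `R: 'blue'` entry sits among letter grades but is not a grade of the target's headers. It presumably means the scan stopped at a redirect and the destination was not assessed. A badge reader could take blue as a passing result, so the map deserves a comment such as `// R: scan stopped at a redirect; the redirect target's headers were not graded`. The user-facing documentation should also say what R means, but that text is outside this hunk. The enclosing render function starts and ends outside the hunk.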
@@ -61,7 +72,7 @@ module.exports = class SecurityHeaders extends BaseService {
     }
   }
 
-  async handle(namedParams, { url }) {
+  async handle(namedParams, { url, ignoreRedirects }) {
     const { res } = await this._request({
       url: `https://securityheaders.com`,
       options: {
@@ -69,7 +80,7 @@ module.exports = class SecurityHeaders extends BaseService {
         qs: {
           q: url,
           hide: 'on',
-          followRedirects: 'on',
+          followRedirects: ignoreRedirects !== undefined ? null : 'on',
         },
       },
     })
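Review bot: The `null` in `followRedirects: ignoreRedirects !== undefined ? null : 'on'` relies on how the request layer serializes null query-string values, which this hunk does not show. Some serializers emit `followRedirects=` instead of dropping the key, which would leave the outcome to how securityheaders.com interprets an empty value. Making the omission explicit is safer: `followRedirects: ignoreRedirects === undefined ? 'on' : undefined`, or add the key only when redirects should be followed. The body of `handle` continues outside the hunk.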
diff --git a/services/security-headers/security-headers.tester.js b/services/security-headers/security-headers.tester.js
index 2fa884e23e..f3c4e3b126 100644
--- a/services/security-headers/security-headers.tester.js
+++ b/services/security-headers/security-headers.tester.js
@@ -2,6 +2,10 @@
 
 const t = (module.exports = require('../tester').createServiceTester())
 
-t.create('grade of http://shields.io')
+t.create('grade of https://shields.io')
   .get('/security-headers.json?url=https://shields.io')
   .expectBadge({ label: 'security headers', message: 'F', color: 'red' })
+
+t.create('grade of https://httpstat.us/301 as redirect')
+  .get('/security-headers.json?ignoreRedirects&url=https://httpstat.us/301')
+  .expectBadge({ label: 'security headers', message: 'R', color: 'blue' })
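Review bot: Neither test covers the rejection path of the new schema entry: `Joi.equal('')` should refuse a valued flag, but nothing asserts it. A third case using `.get('/security-headers.json?ignoreRedirects=true&url=https://shields.io')` and expecting the invalid-query-parameter badge would pin that behaviour. The redirect case also depends on httpstat.us staying reachable and continuing to answer 301, so a failure there may not indicate a regression in the service itself.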
-- 
GitLab