How Can I Make the Go HTTP Client NOT Follow Redirects Automatically?

Question

I'm currently writing some software in Go that interacts with a REST API. The REST API endpoint I'm trying to query returns an HTTP 302 redirect along with an HTTP Location header, pointing to a resource URI.

package main

import (
        "errors"
        "fmt"
        "io/ioutil"
        "net/http"
)

var BASE_URL = "https://api.example.com/v1"
var STORMPATH_API_KEY_ID = "xxx"
var STORMPATH_API_KEY_SECRET = "xxx"

func noRedirect(req *http.Request, via []*http.Request) error {
        return errors.New("Don't redirect!")
}

func main() {

        client := &http.Client{
            CheckRedirect: noRedirect
        }
        req, err := http.NewRequest("GET", BASE_URL+"/tenants/current", nil)
        req.SetBasicAuth(EXAMPLE_API_KEY_ID, EXAMPLE_API_KEY_SECRET)

        resp, err := client.Do(req)

        // If we get here, it means one of two things: either this http request
        // actually failed, or we got an http redirect response, and should process it.
        if err != nil {
            if resp.StatusCode == 302 {
                fmt.Println("got redirect")
            } else {
                panic("HTTP request failed.")
            }
        }
        defer resp.Body.Close()

}

Answer 1

There's a much simpler solution right now:

client := &http.Client{
    CheckRedirect: func(req *http.Request, via []*http.Request) error {
        return http.ErrUseLastResponse
    },
}

This way, the http package automatically knows: "Ah, I shouldn't follow any redirects", but does not throw any error. From the comment in the source code:

As a special case, if CheckRedirect returns ErrUseLastResponse, then the most recent response is returned with its body unclosed, along with a nil error.

Answer 2

Another option, using the client itself, without the RoundTrip:

// create a custom error to know if a redirect happened
var RedirectAttemptedError = errors.New("redirect")

client := &http.Client{}
// return the error, so client won't attempt redirects
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
        return RedirectAttemptedError
}
// Work with the client...
resp, err := client.Head(urlToAccess)

// test if we got the custom error
if urlError, ok := err.(*url.Error); ok && urlError.Err == RedirectAttemptedError{
        err = nil   
}

UPDATE: this solution is for go < 1.7

Answer 3

It is possible, but the solution inverts the problem a little. Here's a sample written up as a golang test.

package redirects

import (
    "github.com/codegangsta/martini-contrib/auth"
    "github.com/go-martini/martini"
    "net/http"
    "net/http/httptest"
    "testing"
)

func TestBasicAuthRedirect(t *testing.T) {
    // Start a test server
    server := setupBasicAuthServer()
    defer server.Close()

    // Set up the HTTP request
    req, err := http.NewRequest("GET", server.URL+"/redirect", nil)
    req.SetBasicAuth("username", "password")
    if err != nil {
        t.Fatal(err)
    }

    transport := http.Transport{}
    resp, err := transport.RoundTrip(req)
    if err != nil {
        t.Fatal(err)
    }
    // Check if you received the status codes you expect. There may
    // status codes other than 200 which are acceptable.
    if resp.StatusCode != 200 && resp.StatusCode != 302 {
        t.Fatal("Failed with status", resp.Status)
    }

    t.Log(resp.Header.Get("Location"))
}


// Create an HTTP server that protects a URL using Basic Auth
func setupBasicAuthServer() *httptest.Server {
    m := martini.Classic()
    m.Use(auth.Basic("username", "password"))
    m.Get("/ping", func() string { return "pong" })
    m.Get("/redirect", func(w http.ResponseWriter, r *http.Request) {
        http.Redirect(w, r, "/ping", 302)
    })
    server := httptest.NewServer(m)
    return server
}

You should be able to put the above code into it's own package called "redirects" and run it after fetching the required dependencies using

mkdir redirects
cd redirects
# Add the above code to a file with an _test.go suffix
go get github.com/codegangsta/martini-contrib/auth
go get github.com/go-martini/martini
go test -v

Hope this helps!

Answer 4

To make request with Basic Auth that does not follow redirect use RoundTrip function that accepts * Request

This code

package main

import (
    "fmt"
    "io/ioutil"
    "net/http"
    "os"
)

func main() {
    var DefaultTransport http.RoundTripper = &http.Transport{}

    req, _ := http.NewRequest("GET", "http://httpbin.org/headers", nil)
    req.SetBasicAuth("user", "password")

    resp, _ := DefaultTransport.RoundTrip(req)
    defer resp.Body.Close()
    contents, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        fmt.Printf("%s", err)
        os.Exit(1)
    }
    fmt.Printf("%s\n", string(contents))
}

outputs

{
  "headers": {
    "Accept-Encoding": "gzip", 
    "Authorization": "Basic dXNlcjpwYXNzd29yZA==", 
    "Connection": "close", 
    "Host": "httpbin.org", 
    "User-Agent": "Go 1.1 package http", 
    "X-Request-Id": "45b512f1-22e9-4e49-8acb-2f017e0a4e35"
  }
}

Answer 5

As an addition of top rated answer,

You can control the particle size

func myCheckRedirect(req *http.Request, via []*http.Request, times int) error {
    err := fmt.Errorf("redirect policy: stopped after %d times", times)
    if len(via) >= times {
        return err
    }
    return nil
}

...

    client := &http.Client{
        CheckRedirect: func(req *http.Request, via []*http.Request) error {
            return myCheckRedirect(req, via, 1)
        },
    }

ref: https://golangbyexample.com/http-no-redirect-client-golang/