From 01534e522dd5529f4a10a899e59c0214a0ede638 Mon Sep 17 00:00:00 2001
From: Jason Hee
Date: Wed, 6 May 2020 17:26:54 +0800
Subject: [PATCH] Redirect with authorization credentials to same host for relative paths
---
 lib/httparty/request.rb | 2 +-
 spec/httparty/request_spec.rb | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/lib/httparty/request.rb b/lib/httparty/request.rb
index aecc1146..34d274e5 100644
--- a/lib/httparty/request.rb
+++ b/lib/httparty/request.rb
@@ -299,7 +299,7 @@ def handle_response(body, &block)
 def handle_host_redirection
 check_duplicate_location_header
 redirect_path = options[:uri_adapter].parse(last_response['location']).normalize
- return if redirect_path.relative? || path.host == redirect_path.host
+ return if redirect_path.relative? || path.host == redirect_path.host || uri.host == redirect_path.host
 @changed_hosts = true
 end
diff --git a/spec/httparty/request_spec.rb b/spec/httparty/request_spec.rb
index 4b4c237a..aadc9210 100644
--- a/spec/httparty/request_spec.rb
+++ b/spec/httparty/request_spec.rb
@@ -1313,6 +1313,20 @@
 @request.send(:setup_raw_request)
 expect(@request.instance_variable_get(:@raw_request)['authorization']).to eq(@authorization)
 end
+
+ context 'when uri path is a relative path' do
+ before do
+ @request.path = '/v1'
+ @request.options[:base_uri] = 'http://api.foo.com'
+ end
+
+ it "should send Authorization header when redirecting to the same host" do
+ @redirect['location'] = 'http://api.foo.com/v2'
+ @request.perform
+ @request.send(:setup_raw_request)
+ expect(@request.instance_variable_get(:@raw_request)['authorization']).to eq(@authorization)
+ end
+ end
 end
 end
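Review bot: In lib/httparty/request.rb, the added `uri.host == redirect_path.host` clause in `handle_host_redirection` compares host names only, as the existing `path.host` clause does, so a redirect to the same host on a different scheme or port leaves `@changed_hosts` unset. Judging by the commit title and the spec, that means the Authorization credentials are re-sent, including on an https-to-http downgrade or to another service listening on the same host. Consider requiring scheme and port to match as well, e.g. `same_origin = uri.scheme == redirect_path.scheme && uri.host == redirect_path.host && uri.port == redirect_path.port` followed by `return if redirect_path.relative? || same_origin`. `uri` and the code that reads `@changed_hosts` are defined outside this hunk, so confirm that `uri` is the resolved base_uri plus path and is normalized the same way as `redirect_path`. A short comment above the `return`, such as `# decides whether credentials may follow the redirect`, would make the security role of this check visible to the next maintainer.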
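Review bot: In spec/httparty/request_spec.rb, the new `context 'when uri path is a relative path'` only asserts the permissive case, where the header is sent for a same-host redirect. Nothing visible in this hunk pins the case the check exists to protect. Add a sibling example with the same `before` setup that sets `@redirect['location']` to a different host (for instance the constructed value `'http://api.example.org/v2'`) and expects `@raw_request['authorization']` to be absent. An example for the same host on a different scheme or port would also document whether forwarding credentials there is intended. The enclosing `describe`/`context` blocks start outside the hunk, so an equivalent negative case may already exist for absolute paths; the relative-path plus `base_uri` combination is the one worth covering here.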