for #180: allow HTTP requests in default hyper client.

If an attacker could manipulate URLs for token retrieval etc., they could wreak considerably more havoc than a downgrade attack.
2026-01-01 09:00:04 +01:00 · 2022-06-09 20:14:44 -07:00
parent 24f91d697c
commit c69fffac28
1 changed files with 3 additions and 3 deletions
--- a/src/authenticator.rs
+++ b/src/authenticator.rs
@@ -727,8 +727,8 @@ mod private {
                AuthFlow::ServiceAccountFlow(service_account_flow) => {
                    service_account_flow.token(hyper_client, scopes).await
                }
-                AuthFlow::ApplicationDefaultCredentialsFlow(service_account_flow) => {
-                    service_account_flow.token(hyper_client, scopes).await
+                AuthFlow::ApplicationDefaultCredentialsFlow(adc_flow) => {
+                    adc_flow.token(hyper_client, scopes).await
                }
                AuthFlow::AuthorizedUserFlow(authorized_user_flow) => {
                    authorized_user_flow.token(hyper_client, scopes).await
@@ -792,7 +792,7 @@ impl HyperClientBuilder for DefaultHyperClient {
        #[cfg(feature = "hyper-rustls")]
        let connector = hyper_rustls::HttpsConnectorBuilder::new()
            .with_native_roots()
-            .https_only()
+            .https_or_http()
            .enable_http1()
            .enable_http2()
            .build();