From c69fffac285bebd9cc5e22c0a71ce3107bbd8486 Mon Sep 17 00:00:00 2001
From: Lewin Bormann
Date: Thu, 9 Jun 2022 20:14:44 -0700
Subject: [PATCH] for #180: allow HTTP requests in default hyper client.

If an attacker could manipulate URLs for token retrieval etc., they could wreak considerably more havoc than a downgrade attack.
---
 src/authenticator.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/authenticator.rs b/src/authenticator.rs
index adff861..8d2f602 100644
--- a/src/authenticator.rs
+++ b/src/authenticator.rs
@@ -727,8 +727,8 @@ mod private {
 AuthFlow::ServiceAccountFlow(service_account_flow) => {
 service_account_flow.token(hyper_client, scopes).await
 }
- AuthFlow::ApplicationDefaultCredentialsFlow(service_account_flow) => {
- service_account_flow.token(hyper_client, scopes).await
+ AuthFlow::ApplicationDefaultCredentialsFlow(adc_flow) => {
+ adc_flow.token(hyper_client, scopes).await
 }
 AuthFlow::AuthorizedUserFlow(authorized_user_flow) => {
 authorized_user_flow.token(hyper_client, scopes).await
@@ -792,7 +792,7 @@ impl HyperClientBuilder for DefaultHyperClient {
 #[cfg(feature = "hyper-rustls")]
 let connector = hyper_rustls::HttpsConnectorBuilder::new()
 .with_native_roots()
- .https_only()
+ .https_or_http()
 .enable_http1()
 .enable_http2()
 .build();
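Review bot: With `.https_or_http()` the default connector in the second hunk no longer refuses `http://` URLs, so a token endpoint configured with a plain-HTTP URI (for example from a credentials file) would now send client secrets, refresh tokens or signed assertions in cleartext without any error. The commit message reasons about an attacker who controls the URL, but `https_only()` also caught misconfiguration and typos, and that protection is lost for every flow sharing this client, not only the one #180 presumably needs. Consider enforcing the scheme where each flow builds its request, rejecting non-`https` token URIs unless the flow explicitly needs plain HTTP. At minimum, document the relaxation here, e.g. `// Plain HTTP is permitted for #180; flows that send credentials must check the URI scheme themselves.` Only the `hyper-rustls` branch is visible and the enclosing function starts and ends outside the hunk, so it should be confirmed whether any other TLS backend is configured the same way.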