From 0d5cb13b7e72565fee2368f9b8b123f770a8ab14 Mon Sep 17 00:00:00 2001
From: Andrew Arnott <andrewarnott@gmail.com>
Date: Tue, 13 Jan 2009 19:59:26 -0800
Subject: [PATCH] Added User-Agent header to GET requests (in addition to just
 POSTs).

---
 .../Messaging/StandardWebRequestHandler.cs         | 28 ++++++++++++++++----
 .../Messaging/UntrustedWebRequestHandler.cs        | 30 +++++++++++++---------
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/src/DotNetOpenAuth/Messaging/StandardWebRequestHandler.cs b/src/DotNetOpenAuth/Messaging/StandardWebRequestHandler.cs
index 1a28006..d2ff1d4 100644
--- a/src/DotNetOpenAuth/Messaging/StandardWebRequestHandler.cs
+++ b/src/DotNetOpenAuth/Messaging/StandardWebRequestHandler.cs
@@ -62,6 +62,10 @@ namespace DotNetOpenAuth.Messaging {
 		public DirectWebResponse GetResponse(HttpWebRequest request) {
 			ErrorUtilities.VerifyArgumentNotNull(request, "request");
 
+			// This request MAY have already been prepared by GetRequestStream, but
+			// we have no guarantee, so do it just to be safe.
+			PrepareRequest(request, false);
+
 			try {
 				Logger.DebugFormat("HTTP {0} {1}", request.Method, request.RequestUri);
 				HttpWebResponse response = (HttpWebResponse)request.GetResponse();
@@ -89,11 +93,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// <param name="request">The HTTP request with information about the remote party to contact.</param>
 		/// <returns>The stream where the POST entity can be written.</returns>
 		private static Stream GetRequestStreamCore(HttpWebRequest request) {
-			// Some sites, such as Technorati, return 403 Forbidden on identity
-			// pages unless a User-Agent header is included.
-			if (string.IsNullOrEmpty(request.UserAgent)) {
-				request.UserAgent = userAgentValue;
-			}
+			PrepareRequest(request, true);
 
 			try {
 				return request.GetRequestStream();
@@ -121,5 +121,23 @@ namespace DotNetOpenAuth.Messaging {
 				}
 			}
 		}
+
+		/// <summary>
+		/// Prepares an HTTP request.
+		/// </summary>
+		/// <param name="request">The request.</param>
+		/// <param name="preparingPost"><c>true</c> if this is a POST request whose headers have not yet been sent out; <c>false</c> otherwise.</param>
+		private static void PrepareRequest(HttpWebRequest request, bool preparingPost) {
+			ErrorUtilities.VerifyArgumentNotNull(request, "request");
+
+			// Be careful to not try to change the HTTP headers that have already gone out.
+			if (preparingPost || request.Method == "GET") {
+				// Some sites, such as Technorati, return 403 Forbidden on identity
+				// pages unless a User-Agent header is included.
+				if (string.IsNullOrEmpty(request.UserAgent)) {
+					request.UserAgent = userAgentValue;
+				}
+			}
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
index b24cad2..ead3f40 100644
--- a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
+++ b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs
@@ -193,7 +193,7 @@ namespace DotNetOpenAuth.Messaging {
 			ErrorUtilities.VerifyArgumentNotNull(request, "request");
 			this.EnsureAllowableRequestUri(request.RequestUri, requireSsl);
 
-			this.PrepareRequest(request);
+			this.PrepareRequest(request, true);
 
 			// Submit the request and get the request stream back.
 			return this.chainedWebRequestHandler.GetRequestStream(request);
@@ -213,7 +213,7 @@ namespace DotNetOpenAuth.Messaging {
 
 			// This request MAY have already been prepared by GetRequestStream, but
 			// we have no guarantee, so do it just to be safe.
-			this.PrepareRequest(request);
+			this.PrepareRequest(request, false);
 
 			// Since we may require SSL for every redirect, we handle each redirect manually
 			// in order to detect and fail if any redirect sends us to an HTTP url.
@@ -414,16 +414,22 @@ namespace DotNetOpenAuth.Messaging {
 		/// Prepares the request by setting timeout and redirect policies.
 		/// </summary>
 		/// <param name="request">The request to prepare.</param>
-		private void PrepareRequest(HttpWebRequest request) {
-			// Set/override a few properties of the request to apply our policies for untrusted requests.
-			request.ReadWriteTimeout = (int)this.ReadWriteTimeout.TotalMilliseconds;
-			request.Timeout = (int)this.Timeout.TotalMilliseconds;
-			request.KeepAlive = false;
-
-			// If SSL is required throughout, we cannot allow auto redirects because
-			// it may include a pass through an unprotected HTTP request.
-			// We have to follow redirects manually.
-			request.AllowAutoRedirect = false;
+		/// <param name="preparingPost"><c>true</c> if this is a POST request whose headers have not yet been sent out; <c>false</c> otherwise.</param>
+		private void PrepareRequest(HttpWebRequest request, bool preparingPost) {
+			ErrorUtilities.VerifyArgumentNotNull(request, "request");
+
+			// Be careful to not try to change the HTTP headers that have already gone out.
+			if (preparingPost || request.Method == "GET") {
+				// Set/override a few properties of the request to apply our policies for untrusted requests.
+				request.ReadWriteTimeout = (int)this.ReadWriteTimeout.TotalMilliseconds;
+				request.Timeout = (int)this.Timeout.TotalMilliseconds;
+				request.KeepAlive = false;
+
+				// If SSL is required throughout, we cannot allow auto redirects because
+				// it may include a pass through an unprotected HTTP request.
+				// We have to follow redirects manually.
+				request.AllowAutoRedirect = false;
+			}
 		}
 	}
 }
-- 
2.11.4.GIT