for #180: allow HTTP requests in default hyper client.

If an attacker could manipulate URLs for token retrieval etc., they could wreak considerably more havoc than a downgrade attack.
dermesser · Jun 10, 2022 · c69fffa · c69fffa
1 parent 24f91d6
commit c69fffa
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/authenticator.rs b/src/authenticator.rs
@@ -727,8 +727,8 @@ mod private {
                 AuthFlow::ServiceAccountFlow(service_account_flow) => {
                     service_account_flow.token(hyper_client, scopes).await
                 }
-                AuthFlow::ApplicationDefaultCredentialsFlow(service_account_flow) => {
-                    service_account_flow.token(hyper_client, scopes).await
+                AuthFlow::ApplicationDefaultCredentialsFlow(adc_flow) => {
+                    adc_flow.token(hyper_client, scopes).await
                 }
                 AuthFlow::AuthorizedUserFlow(authorized_user_flow) => {
                     authorized_user_flow.token(hyper_client, scopes).await
@@ -792,7 +792,7 @@ impl HyperClientBuilder for DefaultHyperClient {
         #[cfg(feature = "hyper-rustls")]
         let connector = hyper_rustls::HttpsConnectorBuilder::new()
             .with_native_roots()
-            .https_only()
+            .https_or_http()
             .enable_http1()
             .enable_http2()
             .build();