From 07a83bf31030ce3d284cff548e9bee35ae2f6008 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Tue, 21 Nov 2017 00:58:44 +0000
Subject: [PATCH] EepGet: Refuse attempted redirect to HTTPS, won't work

---
 core/java/src/net/i2p/util/EepGet.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/java/src/net/i2p/util/EepGet.java b/core/java/src/net/i2p/util/EepGet.java
index 19c19e6f0..e44b175ee 100644
--- a/core/java/src/net/i2p/util/EepGet.java
+++ b/core/java/src/net/i2p/util/EepGet.java
@@ -720,6 +720,8 @@ public class EepGet {
             try {
                 if (_redirectLocation.startsWith("http://")) {
                     _actualURL = _redirectLocation;
+                } else if (_redirectLocation.startsWith("https://")) {
+                    throw new IOException("Redirect to https unsupported");
                 } else { 
                     // the Location: field has been required to be an absolute URI at least since
                     // RFC 1945 (HTTP/1.0 1996), so it isn't clear what the point of this is.