1
0
mirror of https://github.com/aclindsa/ofxgo.git synced 2024-12-25 22:43:21 -05:00

Check HTTPS is always used

This commit is contained in:
Aaron Lindsay 2017-04-01 21:33:56 -04:00
parent 62f0ae600b
commit 47f1b82c0b

View File

@ -4,6 +4,7 @@ import (
"errors"
"io"
"net/http"
"strings"
)
type Client struct {
@ -62,6 +63,10 @@ func (c *Client) IndentRequests() bool {
// read from 'r'. The caller is responsible for closing the http Response.Body
// (see the http module's documentation for more information)
func RawRequest(URL string, r io.Reader) (*http.Response, error) {
if !strings.HasPrefix(URL, "https://") {
return nil, errors.New("Refusing to send OFX request with possible plain-text password over non-https protocol")
}
response, err := http.Post(URL, "application/x-ofx", r)
if err != nil {
return nil, err