From 1d50dffd3973ea232eefb4cd5e75af60e9a3a3c9 Mon Sep 17 00:00:00 2001 From: Thuan Vo Date: Wed, 4 Mar 2026 12:09:24 -0800 Subject: [PATCH] OCPBUGS-77830: skip redirect when validating endpoint accessibility The installer uses HTTP HEAD to validate if user-provided service endpoint URLs are reachable. However, in some cases, the request results in a redirect to AWS doc URL, which can causes install failure in disconnected environment. The users should not be required to open access to AWS docs to install. For example: $ curl --head https://sts.ap-southeast-1.amazonaws.com HTTP/1.1 302 Found Location: https://aws.amazon.com/iam --- pkg/asset/installconfig/aws/validation.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkg/asset/installconfig/aws/validation.go b/pkg/asset/installconfig/aws/validation.go index 0cffc8d4ef..83b1432b7a 100644 --- a/pkg/asset/installconfig/aws/validation.go +++ b/pkg/asset/installconfig/aws/validation.go @@ -864,9 +864,18 @@ func validateEndpointAccessibility(endpointURL string) error { if _, err := url.Parse(endpointURL); err != nil { return fmt.Errorf("failed to parse service endpoint url: %w", err) } - if _, err := http.Head(endpointURL); err != nil { //nolint:gosec + + client := &http.Client{ + CheckRedirect: func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse // Don't follow redirects + }, + } + resp, err := client.Head(endpointURL) + if err != nil { return fmt.Errorf("failed to connect to service endpoint url: %w", err) } + defer resp.Body.Close() + return nil }