API 'api_url' field contains http urls
And as requests
behaves like most of the web browsers, when it gets a 302 redirect response, the target url is contacted with a GET request, no matter what method was initially used. Example :
- Cthulhu is my DNS, on a server vlan
- it queries re2o.rezometz.org (in https because of its configuration)
- changes were made, so cthulhu looks for the
api_url
from the adequate service and send a PATCH to this url. - the web server gets a PATCH request in http, it replies with a 302 redirect to https://re2o.rezometz.org
- requests performs a GET to https://re2o.rezometz.org
In the end, the PATCH request was not performed... A simple fix would be to send an https URL in the API response. Unfortunately I was unable to figure out how to do that so far.