From 58daf6bfed457dd10b206c1c9a26cf21380f7c62 Mon Sep 17 00:00:00 2001
From: Austin Cherry <acherry@cloudflare.com>
Date: Tue, 13 Nov 2018 14:26:20 -0600
Subject: [PATCH] AUTH-1308: get jwt even when you are already logged in

---
 cmd/cloudflared/transfer/transfer.go | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/cmd/cloudflared/transfer/transfer.go b/cmd/cloudflared/transfer/transfer.go
index df6b15df..509a7b69 100644
--- a/cmd/cloudflared/transfer/transfer.go
+++ b/cmd/cloudflared/transfer/transfer.go
@@ -83,21 +83,19 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 
 // BuildRequestURL creates a request suitable for a resource transfer.
 // it will return a constructed url based off the base url and query key/value provided.
-// follow will follow redirects.
-func buildRequestURL(baseURL *url.URL, key, value string, follow bool) (string, error) {
+// cli will build a url for cli transfer request.
+func buildRequestURL(baseURL *url.URL, key, value string, cli bool) (string, error) {
 	q := baseURL.Query()
 	q.Set(key, value)
 	baseURL.RawQuery = q.Encode()
-	if !follow {
+	if !cli {
 		return baseURL.String(), nil
 	}
 
-	response, err := http.Get(baseURL.String())
-	if err != nil {
-		return "", err
-	}
-	return response.Request.URL.String(), nil
-
+	q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url
+	baseURL.RawQuery = q.Encode()           // and this actual baseURL.
+	baseURL.Path = "cdn-cgi/access/cli"
+	return baseURL.String(), nil
 }
 
 // transferRequest downloads the requested resource from the request URL