]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 993dd56) | patch
http: prevent custom Authorization headers in redirects
authorDaniel Stenberg <daniel@haxx.se>
Fri, 19 Jan 2018 12:19:25 +0000 (13:19 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 22 Jan 2018 09:00:00 +0000 (10:00 +0100)
commitaf32cd3859336ab963591ca0df9b1e33a7ee066b
treeae91ca52a3cbbfabe89c74dda181abbbc40c1150tree | snapshot
parent993dd5651a6c853bfe3870f6a69c7b329fa4e8cecommit | diff
http: prevent custom Authorization headers in redirects

... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
docs/libcurl/opts/CURLOPT_HTTPHEADER.3 diff | blob | history
lib/http.c diff | blob | history
lib/setopt.c diff | blob | history
lib/urldata.h diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test317 [new file with mode: 0644] blob
tests/data/test318 [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.