mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 00:58:48 -05:00
parent
89165c1a94
commit
1f30dc886d
@ -87,6 +87,10 @@ those servers will get all the contents of your custom headers too.
|
|||||||
Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
|
Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
|
||||||
from being sent to other hosts than the first used one, unless specifically
|
from being sent to other hosts than the first used one, unless specifically
|
||||||
permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
|
permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
|
||||||
|
|
||||||
|
Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers
|
||||||
|
from being sent to other hosts than the first used one, unless specifically
|
||||||
|
permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
|
||||||
.SH DEFAULT
|
.SH DEFAULT
|
||||||
NULL
|
NULL
|
||||||
.SH PROTOCOLS
|
.SH PROTOCOLS
|
||||||
|
@ -1835,7 +1835,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
|
|||||||
checkprefix("Transfer-Encoding:", headers->data))
|
checkprefix("Transfer-Encoding:", headers->data))
|
||||||
/* HTTP/2 doesn't support chunked requests */
|
/* HTTP/2 doesn't support chunked requests */
|
||||||
;
|
;
|
||||||
else if(checkprefix("Authorization:", headers->data) &&
|
else if((checkprefix("Authorization:", headers->data) ||
|
||||||
|
checkprefix("Cookie:", headers->data)) &&
|
||||||
/* be careful of sending this potentially sensitive header to
|
/* be careful of sending this potentially sensitive header to
|
||||||
other hosts */
|
other hosts */
|
||||||
(data->state.this_is_a_follow &&
|
(data->state.this_is_a_follow &&
|
||||||
|
@ -56,7 +56,7 @@ test289 test290 test291 test292 test293 test294 test295 test296 test297 \
|
|||||||
test298 test299 test300 test301 test302 test303 test304 test305 test306 \
|
test298 test299 test300 test301 test302 test303 test304 test305 test306 \
|
||||||
test307 test308 test309 test310 test311 test312 test313 test314 test315 \
|
test307 test308 test309 test310 test311 test312 test313 test314 test315 \
|
||||||
test316 test317 test318 test319 test320 test321 test322 test323 test324 \
|
test316 test317 test318 test319 test320 test321 test322 test323 test324 \
|
||||||
test325 test326 test327 test328 test329 \
|
test325 test326 test327 test328 test329 test330 \
|
||||||
\
|
\
|
||||||
test340 \
|
test340 \
|
||||||
\
|
\
|
||||||
|
90
tests/data/test330
Normal file
90
tests/data/test330
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
<testcase>
|
||||||
|
<info>
|
||||||
|
<keywords>
|
||||||
|
HTTP
|
||||||
|
followlocation
|
||||||
|
cookies
|
||||||
|
</keywords>
|
||||||
|
</info>
|
||||||
|
#
|
||||||
|
# Server-side
|
||||||
|
<reply>
|
||||||
|
<data>
|
||||||
|
HTTP/1.1 302 OK
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake swsclose
|
||||||
|
Content-Type: text/html
|
||||||
|
Funny-head: yesyes
|
||||||
|
Location: http://goto.second.host.now/3170002
|
||||||
|
Content-Length: 8
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
contents
|
||||||
|
</data>
|
||||||
|
<data2>
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake swsclose
|
||||||
|
Content-Type: text/html
|
||||||
|
Funny-head: yesyes
|
||||||
|
Content-Length: 9
|
||||||
|
|
||||||
|
contents
|
||||||
|
</data2>
|
||||||
|
|
||||||
|
<datacheck>
|
||||||
|
HTTP/1.1 302 OK
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake swsclose
|
||||||
|
Content-Type: text/html
|
||||||
|
Funny-head: yesyes
|
||||||
|
Location: http://goto.second.host.now/3170002
|
||||||
|
Content-Length: 8
|
||||||
|
Connection: close
|
||||||
|
|
||||||
|
HTTP/1.1 200 OK
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake swsclose
|
||||||
|
Content-Type: text/html
|
||||||
|
Funny-head: yesyes
|
||||||
|
Content-Length: 9
|
||||||
|
|
||||||
|
contents
|
||||||
|
</datacheck>
|
||||||
|
</reply>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Client-side
|
||||||
|
<client>
|
||||||
|
<server>
|
||||||
|
http
|
||||||
|
</server>
|
||||||
|
<name>
|
||||||
|
HTTP with custom Cookie: and redirect to new host
|
||||||
|
</name>
|
||||||
|
<command>
|
||||||
|
http://first.host.it.is/we/want/that/page/317 -x %HOSTIP:%HTTPPORT -H "Cookie: test=yes" --location
|
||||||
|
</command>
|
||||||
|
</client>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Verify data after the test has been "shot"
|
||||||
|
<verify>
|
||||||
|
<strip>
|
||||||
|
^User-Agent:.*
|
||||||
|
</strip>
|
||||||
|
<protocol>
|
||||||
|
GET http://first.host.it.is/we/want/that/page/317 HTTP/1.1
|
||||||
|
Host: first.host.it.is
|
||||||
|
Accept: */*
|
||||||
|
Proxy-Connection: Keep-Alive
|
||||||
|
Cookie: test=yes
|
||||||
|
|
||||||
|
GET http://goto.second.host.now/3170002 HTTP/1.1
|
||||||
|
Host: goto.second.host.now
|
||||||
|
Accept: */*
|
||||||
|
Proxy-Connection: Keep-Alive
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
||||||
|
</testcase>
|
Loading…
Reference in New Issue
Block a user