5.6 Refuse "downgrade" redirects

2015-05-31 00:39:19 +02:00 · 2015-05-31 00:39:19 +02:00 · 4e7c3c12d3
parent 9a0a16a61c
commit 4e7c3c12d3
1 changed files with 9 additions and 0 deletions
--- a/docs/TODO
+++ b/docs/TODO
@ -49,6 +49,7 @@
 5.3 Rearrange request header order
 5.4 SPDY
 5.5 auth= in URLs
+ 5.6 Refuse "downgrade" redirects

 6. TELNET
 6.1 ditch stdin
@ -348,6 +349,14 @@ This is not detailed in any FTP specification.

 Additionally this should be implemented for proxy base URLs as well.

+5.6 Refuse "downgrade" redirects
+
+ See https://github.com/bagder/curl/issues/226
+
+ Consider a way to tell curl to refuse to "downgrade" protocol with a redirect
+ and/or possibly a bit that refuses redirect to change protocol completely.
+
+
 6. TELNET

 6.1 ditch stdin