moparisthebest/curl - curl - code.moparisthebest.com

moparisthebest/curl

Fork 0

mirror of https://github.com/moparisthebest/curl synced 2024-11-05 00:55:04 -05:00

Commit Graph

Author	SHA1	Message	Date
Daniel Stenberg	af32cd3859	http: prevent custom Authorization headers in redirects ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html	2018-01-22 10:00:00 +01:00

Author

SHA1

Message

Date

Daniel Stenberg

af32cd3859

http: prevent custom Authorization headers in redirects

... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html

2018-01-22 10:00:00 +01:00

1 Commits