Do not include authorization header in an HTTP redirect

* lisp/url/url-http.el (url-http-parse-headers): Do not
automatically include Authorization header in redirect.
(Bug#21350)
Thomas Fitzsimmons 2015-09-23 01:45:29 -04:00
parent a4d5717e7b
commit 325200ac1d


@ -25,8 +25,8 @@
;;; Code:
(require 'cl-lib)
(eval-when-compile
(require 'cl-lib)
(require 'subr-x))
(defvar url-callback-arguments)
@ -646,6 +646,12 @@ should be shown to the user."
;; compute the redirection relative to the URL of the proxy.
(setq redirect-uri
(url-expand-file-name redirect-uri url-http-target-url)))
;; Do not automatically include an authorization header in the
;; redirect. If needed it will be regenerated by the relevant
;; auth scheme when the new request happens.
(setq url-http-extra-headers
(cl-remove "Authorization"
url-http-extra-headers :key 'car :test 'equal))
(let ((url-request-method url-http-method)
(url-request-data url-http-data)
(url-request-extra-headers url-http-extra-headers))
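Review bot: The `cl-remove` call matches header names with `:test 'equal`, which is case-sensitive, whereas HTTP header names are case-insensitive. An entry spelled `authorization` in `url-http-extra-headers` would survive the filter and still be sent to the redirect target. Normalising the key closes that gap: `(cl-remove "authorization" url-http-extra-headers :key (lambda (h) (downcase (car h))) :test 'equal)`. Only `Authorization` is dropped here; whether callers can put other credential-bearing entries such as `Cookie` or `Proxy-Authorization` into this list is not visible in the hunk and is worth checking. The enclosing `url-http-parse-headers` starts and ends outside the hunk.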