New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authorization header be forwarded to cross-site when redirecting #1510
Comments
shazow
pushed a commit
that referenced
this issue
Apr 17, 2019
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified. * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
This was referenced Mar 6, 2021
This was referenced Mar 15, 2021
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
#1346 fixes only "Authorization" header. "authorization" header isn't supported.
RFC7230 section 3.2 "Header Fields" (https://tools.ietf.org/html/rfc7230#section-3.2) says the following.
The text was updated successfully, but these errors were encountered: