authorization header be forwarded to cross-site when redirecting #1510

kyoshidajp · 2018-12-29T01:37:50Z

#1346 fixes only "Authorization" header. "authorization" header isn't supported.

RFC7230 section 3.2 "Header Fields" (https://tools.ietf.org/html/rfc7230#section-3.2) says the following.

Each header field consists of a case-insensitive field name followed
by a colon (":"), optional leading whitespace, the field value, and
optional trailing whitespace.

* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified. * Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) * Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)

kyoshidajp mentioned this issue Dec 29, 2018

Remove Authorization header regardless of case when redirecting to cross-site #1511

Merged

sethmlarson closed this as completed in #1511 Dec 29, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

authorization header be forwarded to cross-site when redirecting #1510

authorization header be forwarded to cross-site when redirecting #1510

kyoshidajp commented Dec 29, 2018 •

edited

authorization header be forwarded to cross-site when redirecting #1510

authorization header be forwarded to cross-site when redirecting #1510

Comments

kyoshidajp commented Dec 29, 2018 • edited

kyoshidajp commented Dec 29, 2018 •

edited