emacs-diffs

[Emacs-diffs] master 325200a: Do not include authorization header in an


From: Thomas Fitzsimmons
Subject: [Emacs-diffs] master 325200a: Do not include authorization header in an HTTP redirect
Date: Wed, 23 Sep 2015 05:59:43 +0000

branch: master
commit 325200ac1dcf5bed6918ea827d8a48d89487e083
Author: Thomas Fitzsimmons <address@hidden>
Commit: Thomas Fitzsimmons <address@hidden>

    Do not include authorization header in an HTTP redirect
    
    * lisp/url/url-http.el (url-http-parse-headers): Do not
    automatically include Authorization header in redirect.
    (Bug#21350)
---
 lisp/url/url-http.el |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index 6a7d8e2..7367a1e 100644
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -25,8 +25,8 @@
 
 ;;; Code:
 
+(require 'cl-lib)
 (eval-when-compile
-  (require 'cl-lib)
   (require 'subr-x))
 
 (defvar url-callback-arguments)
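
Review bot: The commit message's ChangeLog entry lists only url-http-parse-headers, but this hunk also moves (require 'cl-lib) out of eval-when-compile to top level. The move is needed because the cl-remove call added later in the patch is a function invoked at run time, not a macro expanded at compile time. The entry should record that cl-lib is now required at run time, since every user of url-http.el will load it.
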
@@ -646,6 +646,12 @@ should be shown to the user."
                ;; compute the redirection relative to the URL of the proxy.
               (setq redirect-uri
                     (url-expand-file-name redirect-uri url-http-target-url)))
+          ;; Do not automatically include an authorization header in the
+          ;; redirect.  If needed it will be regenerated by the relevant
+          ;; auth scheme when the new request happens.
+          (setq url-http-extra-headers
+                (cl-remove "Authorization"
+                           url-http-extra-headers :key 'car :test 'equal))
            (let ((url-request-method url-http-method)
                 (url-request-data url-http-data)
                 (url-request-extra-headers url-http-extra-headers))
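
Review bot: The match in the added cl-remove call is case-sensitive: `:test 'equal` against the literal "Authorization" removes only a header spelled exactly that way. HTTP field names are case-insensitive, so an entry such as "authorization" in url-http-extra-headers would survive the filter and still be sent to the redirect target. Consider a case-insensitive comparison, for example `:key (lambda (h) (downcase (car h)))` tested against "authorization". As a style point, `#'car` and `#'equal` would let the byte compiler check the function names.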


