Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transfer: clear credentials when redirecting to absolute URL #11412

Merged
merged 1 commit into from Jul 9, 2023
Merged

transfer: clear credentials when redirecting to absolute URL #11412

merged 1 commit into from Jul 9, 2023

Conversation

bagder
Copy link
Member

@bagder bagder commented Jul 8, 2023
edited

To make sure the user and password for the second request is taken from the redirected-to URL.

The -u option only sets credentials for the specified URL, not the redirected-to if the redirect is absolute.

Add test case 899 to verify.

Adjusted test 234.

Reported-by: James Lucas
Fixes #11410

@github-actions github-actions bot added the tests label Jul 8, 2023
@bagder

This comment was marked as outdated.

Sign in to view
@bagder
Copy link
Member Author

bagder commented Jul 9, 2023
edited

Or maybe I need to rethink this.

rethinking

@bagder
transfer: clear credentials when redirecting to absolute URL
dd4d1a2 
Make sure the user and password for the second request is taken from the
redirected-to URL.

Add test case 899 to verify.

Reported-by: James Lucas
Fixes #11410
Closes #11412
@bagder bagder merged commit dd4d1a2 into master Jul 9, 2023
150 of 158 checks passed
@bagder bagder deleted the bagder/redirect-creds branch July 9, 2023 16:43
bch pushed a commit to bch/curl that referenced this pull request Jul 19, 2023
@bagder @bch
transfer: clear credentials when redirecting to absolute URL
9a5385e 
Make sure the user and password for the second request is taken from the
redirected-to URL.

Add test case 899 to verify.

Reported-by: James Lucas
Fixes curl#11410
Closes curl#11412
ptitSeb pushed a commit to wasix-org/curl that referenced this pull request Sep 25, 2023
@bagder @ptitSeb
transfer: clear credentials when redirecting to absolute URL
db1d086 
Make sure the user and password for the second request is taken from the
redirected-to URL.

Add test case 899 to verify.

Reported-by: James Lucas
Fixes curl#11410
Closes curl#11412
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
authentication HTTP tests
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Password provided in Location header not used in redirect request
1 participant
@bagder