Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authorization header be forwarded to cross-site when redirecting #1510

Closed
kyoshidajp opened this issue Dec 29, 2018 · 0 comments
Closed

authorization header be forwarded to cross-site when redirecting #1510

kyoshidajp opened this issue Dec 29, 2018 · 0 comments

Comments

@kyoshidajp
Copy link
Contributor

@kyoshidajp kyoshidajp commented Dec 29, 2018

#1346 fixes only "Authorization" header. "authorization" header isn't supported.

RFC7230 section 3.2 "Header Fields" (https://tools.ietf.org/html/rfc7230#section-3.2) says the following.

Each header field consists of a case-insensitive field name followed
by a colon (":"), optional leading whitespace, the field value, and
optional trailing whitespace.

shazow added a commit that referenced this issue Apr 17, 2019
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.