GNU bug report logs - #21350
25.0.50; Do not automatically include authorization header in HTTP redirects

Previous Next

Package: emacs;

Reported by: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>

Date: Wed, 26 Aug 2015 02:38:01 UTC

Severity: normal

Tags: patch

Found in version 25.0.50

Done: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>

Bug is archived. No further changes may be made.

Full log

Message #10 received at 21350 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
Cc: 21350 <at> debbugs.gnu.org
Subject: Re: bug#21350: 25.0.50;
 Do not automatically include authorization header in HTTP redirects
Date: Sat, 29 Aug 2015 11:21:35 -0400

> This patch is required for url-http-ntlm.el to handle redirects.  I'd
> like someone more familiar with url-http.el to review it.

I'm not sure if there is such a someone, to tell you the truth.  I can
give you comments about Elisp style:

+	   ;; Don't automatically include authorization header in redirect.
+	   ;; If needed it will be regenerated by the relevant auth scheme
+	   ;; when the new request happens.
+	   (setq url-http-extra-headers
+		 (let (result)
+		   (dolist (header url-http-extra-headers)
+		     (if (not (equal (car header) "Authorization"))
+			 (push header result)))
+		   (nreverse result)))

IIUC this is like:

  (let ((a (assoc "Authorization" url-http-extra-headers)))
    (if a (setq url-http-extra-headers (delq a url-http-extra-headers))))

Tho maybe it should be `remq' rather than `delq'.


        Stefan
This bug report was last modified 9 years and 244 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.