GNU bug report logs -
#21350
25.0.50; Do not automatically include authorization header in HTTP redirects
Previous Next
Reported by: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
Date: Wed, 26 Aug 2015 02:38:01 UTC
Severity: normal
Tags: patch
Found in version 25.0.50
Done: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>> looks like it would be faster. I'm not sure why I would use remq since
>> I'm overwriting url-http-extra-headers anyway.
>
> It depends on where that list comes from and where it might have been
> stored in the mean time. If we know that noone else points to that
> list, then `delq' is the best option.
>
>> but should I avoid using cl-lib in this context?
>
> No, you can feel free to use cl-lib.
>
>> Another consideration is that I want to be able to backport this
>> change (as an ELPA-installed patch) all the way back to Emacs 24.1, so
>> maybe that's another reason not to use cl-lib.
>
> cl-lib is in GNU ELPA and works fine for Emacs-24.1 (and AFAICT it also
> works on Emacs-22 and XEmacs).
Here's the updated patch that I tested. Does it look OK stylistically?
I'm going to try to set up some sort of reproducible test for the
various auth schemes across redirects before pushing this, to try to
prove that I'm not breaking some redirect scenarios with this. I'll see
how far I get with that before pushing.
Thomas
[0002-Do-not-include-authorization-header-in-an-HTTP-redir.patch (text/x-patch, attachment)]
This bug report was last modified 9 years and 243 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.