GNU bug report logs - #21350
25.0.50; Do not automatically include authorization header in HTTP redirects

Previous Next

Package: emacs;

Reported by: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>

Date: Wed, 26 Aug 2015 02:38:01 UTC

Severity: normal

Tags: patch

Found in version 25.0.50

Done: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
To: 21350 <at> debbugs.gnu.org
Subject: bug#21350: 25.0.50; Do not automatically include authorization header in HTTP redirects
Date: Tue, 25 Aug 2015 22:37:46 -0400

[Message part 1 (text/plain, inline)]

Hi,

This patch is required for url-http-ntlm.el to handle redirects.  I'd
like someone more familiar with url-http.el to review it.  Basically,
this patch leaves it up to the authentication scheme to decide whether
to include an "Authorization" across a redirect or not.

I tested this on normal redirects (independent of url-http-ntlm.el) and
it seems to work fine, with the built-in Basic authorization scheme
re-adding the header where required.

Thanks,
Thomas

[0001-Do-not-include-authorization-header-in-an-HTTP-redir.patch (text/x-patch, attachment)]

This bug report was last modified 9 years and 243 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #21350 25.0.50; Do not automatically include authorization header in HTTP redirects

GNU bug report logs - #21350
25.0.50; Do not automatically include authorization header in HTTP redirects