diff options
| author | Katsuhiko YOSHIDA <claddvd@gmail.com> | 2018-12-30 09:44:30 +0900 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-01-09 15:18:08 +0100 |
| commit | 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 (patch) | |
| tree | 3515976f028d9876632c34e52c2321c15c986fcb /docs/libcurl | |
| parent | 89165c1a947e8c91ca1b380b3a543eb1034f4969 (diff) | |
cookies: skip custom cookies when redirecting cross-site
Closes #3417
Diffstat (limited to 'docs/libcurl')
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_HTTPHEADER.3 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 index bc070915d..9579fc41b 100644 --- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 +++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 @@ -87,6 +87,10 @@ those servers will get all the contents of your custom headers too. Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers from being sent to other hosts than the first used one, unless specifically permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. + +Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers +from being sent to other hosts than the first used one, unless specifically +permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. .SH DEFAULT NULL .SH PROTOCOLS |