aboutsummaryrefslogtreecommitdiff
path: root/lib/curl_memrchr.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-01-19 13:19:25 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-01-22 10:00:00 +0100
commitaf32cd3859336ab963591ca0df9b1e33a7ee066b (patch)
treeae91ca52a3cbbfabe89c74dda181abbbc40c1150 /lib/curl_memrchr.c
parent993dd5651a6c853bfe3870f6a69c7b329fa4e8ce (diff)
http: prevent custom Authorization headers in redirects
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
Diffstat (limited to 'lib/curl_memrchr.c')
0 files changed, 0 insertions, 0 deletions