aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKatsuhiko YOSHIDA <claddvd@gmail.com>2018-12-30 09:44:30 +0900
committerDaniel Stenberg <daniel@haxx.se>2019-01-09 15:18:08 +0100
commit1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 (patch)
tree3515976f028d9876632c34e52c2321c15c986fcb /lib
parent89165c1a947e8c91ca1b380b3a543eb1034f4969 (diff)
cookies: skip custom cookies when redirecting cross-site
Closes #3417
Diffstat (limited to 'lib')
-rw-r--r--lib/http.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/http.c b/lib/http.c
index 303535af6..dd98e4a12 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1835,7 +1835,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
checkprefix("Transfer-Encoding:", headers->data))
/* HTTP/2 doesn't support chunked requests */
;
- else if(checkprefix("Authorization:", headers->data) &&
+ else if((checkprefix("Authorization:", headers->data) ||
+ checkprefix("Cookie:", headers->data)) &&
/* be careful of sending this potentially sensitive header to
other hosts */
(data->state.this_is_a_follow &&