author | Katsuhiko YOSHIDA <claddvd@gmail.com> | 2018-12-30 09:44:30 +0900 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-01-09 15:18:08 +0100 |
commit | 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 (patch) | |
tree | 3515976f028d9876632c34e52c2321c15c986fcb /lib | |
parent | 89165c1a947e8c91ca1b380b3a543eb1034f4969 (diff) |
cookies: skip custom cookies when redirecting cross-site
Closes #3417
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/http.c b/lib/http.c
index 303535af6..dd98e4a12 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1835,7 +1835,8 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
 checkprefix("Transfer-Encoding:", headers->data))
 /* HTTP/2 doesn't support chunked requests */
 ;
- else if(checkprefix("Authorization:", headers->data) &&
+ else if((checkprefix("Authorization:", headers->data) ||
+ checkprefix("Cookie:", headers->data)) &&
 /* be careful of sending this potentially sensitive header to
 other hosts */
 (data->state.this_is_a_follow && |
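Review bot: The comment inside the widened condition still says "this potentially sensitive header", although the branch now withholds both a custom `Authorization:` and a custom `Cookie:` header on a followed redirect. I would reword it to `/* don't pass a custom Authorization: or Cookie: header on to other hosts when following a redirect */` so the next reader sees that cookies are covered. The rest of the condition lies outside the hunk, so what counts as "other hosts" cannot be checked from here; if it compares only the host name, a redirect to a different port or scheme on the same name would still carry the cookie, which is worth confirming. If the setting that lets Authorization through to other hosts is part of that same condition, it now also releases custom cookies, and its documentation should say so.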