From 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 Mon Sep 17 00:00:00 2001
From: Katsuhiko YOSHIDA <claddvd@gmail.com>
Date: Sun, 30 Dec 2018 09:44:30 +0900
Subject: cookies: skip custom cookies when redirecting cross-site

Closes #3417
---
 docs/libcurl/opts/CURLOPT_HTTPHEADER.3 | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'docs/libcurl/opts')

diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
index bc070915d..9579fc41b 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
@@ -87,6 +87,10 @@ those servers will get all the contents of your custom headers too.
 Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
 from being sent to other hosts than the first used one, unless specifically
 permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
+
+Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers
+from being sent to other hosts than the first used one, unless specifically
+permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
-- 
cgit v1.2.3