From af32cd3859336ab963591ca0df9b1e33a7ee066b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 19 Jan 2018 13:19:25 +0100
Subject: http: prevent custom Authorization headers in redirects

... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how
curl already handles Authorization headers created internally.

Note: this changes behavior slightly, for the sake of reducing mistakes.

Added test 317 and 318 to verify.

Reported-by: Craig de Stigter
Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
---
 tests/data/Makefile.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/data/Makefile.inc')

diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 7e3ca25d5..a2cf70bcd 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -55,7 +55,7 @@ test280 test281 test282 test283 test284 test285 test286 test287 test288 \
 test289 test290 test291 test292 test293 test294 test295 test296 test297 \
 test298 test299 test300 test301 test302 test303 test304 test305 test306 \
 test307 test308 test309 test310 test311 test312 test313 test314 test315 \
-test316                         test320 test321 test322 test323 test324 \
+test316 test317 test318         test320 test321 test322 test323 test324 \
 test325 \
 test350 test351 test352 test353 test354 \
 test393 test394 test395 \
-- 
cgit v1.2.3