Skip to content

Remove auth header after following a redirect to a different origin #770

New issue
New issue
Open
Open
Remove auth header after following a redirect to a different origin#770
Labels
BugSecurity
@pcriv

Description

@pcriv
pcriv
opened on Nov 15, 2023

Currently, when following a redirect, the HTTP client keeps the auth headers which creates a problem for example when redirecting from a custom origin to s3.

Related resources:

https://curl.se/docs/CVE-2018-1000007.html
https://nvd.nist.gov/vuln/detail/CVE-2021-31879

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions