rclone

extern/rclone

Fork 0

mirror of https://github.com/rclone/rclone.git synced 2024-11-27 10:54:56 +01:00

Commit Graph

Author	SHA1	Message	Date
Nick Craig-Wood	bc8f0208aa	rest: Remove auth headers on HTTP redirect Before this change the rest package would forward all the headers on an HTTP redirect, including the Authorization: header. This caused problems when forwarded to a signed S3 URL ("Only one auth mechanism allowed") as well as being a potential security risk. After we use the go1.8+ mechanism for doing this instead of using our own which does it correctly removing the Authorization: header when redirecting to a different host. This hasn't fixed the behaviour for rclone compiled with go1.7. Fixes #2635	2018-10-11 21:20:33 +01:00

Author

SHA1

Message

Date

Nick Craig-Wood

bc8f0208aa

rest: Remove auth headers on HTTP redirect

Before this change the rest package would forward all the headers on
an HTTP redirect, including the Authorization: header.  This caused
problems when forwarded to a signed S3 URL ("Only one auth mechanism
allowed") as well as being a potential security risk.

After we use the go1.8+ mechanism for doing this instead of using our
own which does it correctly removing the Authorization: header when
redirecting to a different host.

This hasn't fixed the behaviour for rclone compiled with go1.7.

Fixes #2635

2018-10-11 21:20:33 +01:00

1 Commits