1
mirror of https://github.com/rclone/rclone synced 2024-12-22 13:03:02 +01:00
rclone/lib/rest
Nick Craig-Wood bc8f0208aa rest: Remove auth headers on HTTP redirect
Before this change the rest package would forward all the headers on
an HTTP redirect, including the Authorization: header.  This caused
problems when forwarded to a signed S3 URL ("Only one auth mechanism
allowed") as well as being a potential security risk.

After we use the go1.8+ mechanism for doing this instead of using our
own which does it correctly removing the Authorization: header when
redirecting to a different host.

This hasn't fixed the behaviour for rclone compiled with go1.7.

Fixes #2635
2018-10-11 21:20:33 +01:00
..
rest_header_reset_go17.go rest: Remove auth headers on HTTP redirect 2018-10-11 21:20:33 +01:00
rest_header_reset.go rest: Remove auth headers on HTTP redirect 2018-10-11 21:20:33 +01:00
rest.go rest: Remove auth headers on HTTP redirect 2018-10-11 21:20:33 +01:00
url_test.go Move dircache, oauthutil, rest and pacer modules into lib 2018-01-12 17:07:38 +00:00
url.go Move dircache, oauthutil, rest and pacer modules into lib 2018-01-12 17:07:38 +00:00