mirror of
https://github.com/rclone/rclone
synced 2024-12-22 13:03:02 +01:00
bc8f0208aa
Before this change the rest package would forward all the headers on an HTTP redirect, including the Authorization: header. This caused problems when forwarded to a signed S3 URL ("Only one auth mechanism allowed") as well as being a potential security risk. After we use the go1.8+ mechanism for doing this instead of using our own which does it correctly removing the Authorization: header when redirecting to a different host. This hasn't fixed the behaviour for rclone compiled with go1.7. Fixes #2635 |
||
---|---|---|
.. | ||
rest_header_reset_go17.go | ||
rest_header_reset.go | ||
rest.go | ||
url_test.go | ||
url.go |