Drop Content-Length headers on GET redirects

diff --git a/httpx/middleware.py b/httpx/middleware.py
index 4ed750e6bb7fcf7c5c13d1a76cfee06c983d097a..670d96bc113b6ad0186b6245eab709b418af3292 100644 (file)
--- a/httpx/middleware.py
+++ b/httpx/middleware.py
@@ -88,7 +88,7 @@ class RedirectMiddleware(BaseMiddleware):
     ) -> AsyncRequest:
         method = self.redirect_method(request, response)
         url = self.redirect_url(request, response)
-        headers = self.redirect_headers(request, url)  # TODO: merge headers?
+        headers = self.redirect_headers(request, url, method)  # TODO: merge headers?
         content = self.redirect_content(request, method)
         cookies = Cookies(self.cookies)
         cookies.update(request.cookies)
@@ -138,15 +138,22 @@ class RedirectMiddleware(BaseMiddleware):
 
         return url
 
-    def redirect_headers(self, request: AsyncRequest, url: URL) -> Headers:
+    def redirect_headers(self, request: AsyncRequest, url: URL, method: str) -> Headers:
         """
-        Strip Authorization headers when responses are redirected away from
-        the origin.
+        Return the headers that should be used for the redirect request.
         """
         headers = Headers(request.headers)
+
         if url.origin != request.url.origin:
+            # Strip Authorization headers when responses are redirected away from
+            # the origin.
             del headers["Authorization"]
-            del headers["host"]
+            del headers["Host"]
+
+        if method != request.method and method == "GET":
+            # Strip Content-Length headers when we've switch to a 'GET' request.
+            del headers["Content-Length"]
+
         return headers
 
     def redirect_content(self, request: AsyncRequest, method: str) -> bytes: