From: Daniel Stenberg Date: Sat, 30 May 2015 22:39:19 +0000 (+0200) Subject: 5.6 Refuse "downgrade" redirects X-Git-Tag: curl-7_43_0~60 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e7c3c12d32ad3e8d939dfd2fcd7fca84d42cd9c;p=thirdparty%2Fcurl.git 5.6 Refuse "downgrade" redirects --- diff --git a/docs/TODO b/docs/TODO index 0ffa8df816..7791ea2915 100644 --- a/docs/TODO +++ b/docs/TODO @@ -49,6 +49,7 @@ 5.3 Rearrange request header order 5.4 SPDY 5.5 auth= in URLs + 5.6 Refuse "downgrade" redirects 6. TELNET 6.1 ditch stdin @@ -348,6 +349,14 @@ This is not detailed in any FTP specification. Additionally this should be implemented for proxy base URLs as well. +5.6 Refuse "downgrade" redirects + + See https://github.com/bagder/curl/issues/226 + + Consider a way to tell curl to refuse to "downgrade" protocol with a redirect + and/or possibly a bit that refuses redirect to change protocol completely. + + 6. TELNET 6.1 ditch stdin
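Review bot: In the second hunk, the new 5.6 entry never says what counts as a "downgrade", so a reader has to follow the issue link to learn which redirects the option would refuse. Add one sentence to the entry that states the transition meant (presumably a redirect from an encrypted scheme to its cleartext counterpart, such as HTTPS to HTTP, though the visible text does not say so). The entry also folds two different behaviours into one sentence joined by "and/or": refusing a downgrade, and refusing any change of protocol on redirect. Listing them as two separate items would make clear that they are distinct options with different security trade-offs, and replacing "a bit" with "an option bit" would remove the ambiguity in that phrase.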