]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1495489)
http: only send bearer if auth is allowed
authorDaniel Stenberg <daniel@haxx.se>
Fri, 6 Mar 2026 22:13:07 +0000 (23:13 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 7 Mar 2026 10:00:16 +0000 (11:00 +0100)
Verify with test 2006

Closes #20843

lib/http.c patch | blob | blame | history
tests/data/Makefile.am patch | blob | blame | history
tests/data/test2006 [new file with mode: 0644] patch | blob

diff --git a/lib/http.c b/lib/http.c
index d2f85fc5bf7ba18f7cd4d1c79316cc2412a53271..d61edbd0cd7f627e63633c4ef6b3b5e8c9fa60c3 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -705,6 +705,7 @@ static CURLcode output_auth_headers(struct Curl_easy *data,
   if(authstatus->picked == CURLAUTH_BEARER) {
     /* Bearer */
     if(!proxy && data->set.str[STRING_BEARER] &&
+       Curl_auth_allowed_to_host(data) &&
        !Curl_checkheaders(data, STRCONST("Authorization"))) {
       auth = "Bearer";
       result = http_output_bearer(data);
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index f39568d3b81321d1c1833ed5c5f97c8ebbd7ee89..6c8be18b32e4ceb04cd99bc797b4a2f209a282d2 100644 (file)
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -243,7 +243,7 @@ test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 \
 test1978 test1979 test1980 test1981 \
 \
-test2000 test2001 test2002 test2003 test2004 test2005 \
+test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
 \
                                                                test2023 \
 test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
diff --git a/tests/data/test2006 b/tests/data/test2006
new file mode 100644 (file)
index 0000000..200d30a
--- /dev/null
+++ b/tests/data/test2006
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+netrc
+HTTP
+</keywords>
+</info>
+# Server-side
+<reply>
+<data crlf="headers">
+HTTP/1.1 301 Follow this you fool
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Location: http://b.com/%TESTNUMBER0002
+
+-foo-
+</data>
+
+<data2 crlf="headers">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 7
+Connection: close
+
+target
+</data2>
+
+<datacheck crlf="headers">
+HTTP/1.1 301 Follow this you fool
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Location: http://b.com/%TESTNUMBER0002
+
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 7
+Connection: close
+
+target
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+proxy
+</features>
+<name>
+.netrc default with redirect plus oauth2-bearer
+</name>
+<command>
+--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
+</command>
+<file name="%LOGDIR/netrc%TESTNUMBER" >
+default login testuser password testpass
+</file>
+</client>
+
+<verify>
+<protocol crlf="headers">
+GET http://a.com/ HTTP/1.1
+Host: a.com
+Authorization: Bearer SECRET_TOKEN
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://b.com/%TESTNUMBER0002 HTTP/1.1
+Host: b.com
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>
Mirror of https://github.com/curl/curl.git