]> git.ipfire.org Git - thirdparty/tornado.git/commit
projects / thirdparty / tornado.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d3562c9) | patch
simple_httpclient: Strip auth headers on cross-origin redirects 3628/head
authorBen Darnell <ben@bendarnell.com>
Wed, 27 May 2026 01:30:28 +0000 (21:30 -0400)
committerBen Darnell <ben@bendarnell.com>
Wed, 27 May 2026 16:11:49 +0000 (12:11 -0400)
commitbc717035f3972cde303e752c586a41941271fe98
tree42a7f4144291425a430b91f98bc150c1905f9569tree | snapshot
parentd3562c9a498cf8629b252449cd14499593ffbe4acommit | diff
simple_httpclient: Strip auth headers on cross-origin redirects

When following a redirect to a different origin (scheme, host, or port),
auth-related headers (Authorization and Cookie) should be stripped to
avoid exposing them to the new host.
tornado/simple_httpclient.py diff | blob | blame | history
tornado/test/httpclient_test.py diff | blob | blame | history
Mirror of https://github.com/tornadoweb/tornado.git