[bug #56909] wget Authorization header leak via 3xx redirects

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #56909] wget Authorization header leak via 3xx redirects

From:	Tim Ruehsen
Subject:	[bug #56909] wget Authorization header leak via 3xx redirects
Date:	Thu, 13 May 2021 08:51:47 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0

Follow-up Comment #7, bug #56909 (project wget):

The Authorization is not special when set manually (someone else may want to
use a different header to send private information that should removed on
redirection).

So a new option may allow detailed control over how often each manually set
header can be redirected.

Or simply a leading flag like

--header "0,Authorization: ..." # don't set in redirections
--header "1,Authorization: ..." # set in redirections (default)



    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56909>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #56909] wget Authorization header leak via 3xx redirects, Cedric Buissart, 2021/05/06
- [bug #56909] wget Authorization header leak via 3xx redirects, Tim Ruehsen <=

Prev by Date: wget bandwidth usage
Next by Date: [bug #60494] Percent character in filename gets escaped twice
Previous by thread: [bug #56909] wget Authorization header leak via 3xx redirects
Next by thread: wget bandwidth usage
Index(es):
- Date
- Thread