Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not allow forwarding of authorization headers on redirect. #89

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Commits on Oct 6, 2023

  1. Do not allow forwarding of authorization headers on redirect.

    There is now a flag `auth_on_redirect` that can be set if you need to pass authorization headers.
    This is similar to
    https://curl.se/docs/CVE-2018-1000007.html
    and
    https://nvd.nist.gov/vuln/detail/CVE-2021-31879
    makrsmark committed Oct 6, 2023
    Configuration menu
    Copy the full SHA
    346779b View commit details
    Browse the repository at this point in the history

Commits on Nov 13, 2023

  1. Configuration menu
    Copy the full SHA
    8cf8f1a View commit details
    Browse the repository at this point in the history
  2. allow keeping BasicAuth credentials for relative redirects. This only…

    … works for #open as #download does not have the same informtion
    makrsmark committed Nov 13, 2023
    Configuration menu
    Copy the full SHA
    00010c9 View commit details
    Browse the repository at this point in the history