Skip to content

Commit f915876

Browse files
authored
Merge pull request #924 from roidelapluie/roidelapluie/redirect-header-comment
config: clarify sensitive redirect headers match net/http
2 parents dfbebd0 + f684fc7 commit f915876

1 file changed

Lines changed: 2 additions & 4 deletions

File tree

config/http_config.go

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1178,10 +1178,8 @@ func originalRequestHost(req *http.Request) string {
11781178
}
11791179

11801180
// sensitiveHeadersOnRedirect lists the headers that must not be forwarded when
1181-
// following a redirect to a different host. The first four entries match the
1182-
// list stripped by makeHeadersCopier in net/http/client.go; we additionally
1183-
// strip the Proxy-* headers, which net/http does not, to avoid leaking proxy
1184-
// credentials to an untrusted host.
1181+
// following a redirect to a different host. The list matches the one stripped
1182+
// by makeHeadersCopier in net/http/client.go.
11851183
var sensitiveHeadersOnRedirect = map[string]struct{}{
11861184
"Authorization": {},
11871185
// "Www-Authenticate" is the canonical form produced by

0 commit comments

Comments
 (0)