HTTP.jl

`SENSITIVE_HEADERS` checks should not be case-sensitive

Open Moelf opened this issue 2 months ago • 0 comments

[Found by ZeroPath and manually checked by me]

https://github.com/JuliaWeb/HTTP.jl/blob/e7feb99bf1d4165c7e3e28171eefeb7652ec2773/src/clientlayers/RedirectRequest.jl#L44-L45

https://github.com/JuliaWeb/HTTP.jl/blob/e7feb99bf1d4165c7e3e28171eefeb7652ec2773/src/clientlayers/RedirectRequest.jl#L69-L74

If there's a header like `authorization`, we would misjudge it as not being sensitive and forward it, which is a security flaw.

Moelf, Oct 03 '25 19:10
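The following is an added illustration of the problem reported above, not code from HTTP.jl or from the issue author. It contrasts an exact-match membership test with a case-insensitive one when deciding which headers may follow a cross-host redirect. The names `SENSITIVE`, `SENSITIVE_LC`, `is_sensitive_exact`, `is_sensitive` and `forwardable`, the header list and the sample values are all assumptions constructed for the example.

```julia
# Added example. The header list and all names are assumptions,
# not copied from HTTP.jl's source.
const SENSITIVE = Set(["Authorization", "Www-Authenticate", "Cookie", "Cookie2"])

# Normalise once so lookups ignore case. HTTP field names are
# case-insensitive (RFC 9110), so "authorization" and "Authorization"
# name the same header.
const SENSITIVE_LC = Set(lowercase(h) for h in SENSITIVE)

# Exact-match test: misses any spelling other than the canonical one.
is_sensitive_exact(name::AbstractString) = name in SENSITIVE

# Case-insensitive test: normalise the candidate before the lookup.
is_sensitive(name::AbstractString) = lowercase(name) in SENSITIVE_LC

# Keep a header on redirect unless it is sensitive and the redirect
# leaves the original host. `sensitive` is the predicate under test.
function forwardable(headers, samehost::Bool, sensitive)
    filter(headers) do (name, _)
        samehost || !sensitive(name)
    end
end

# Constructed request headers with non-canonical casing.
headers = [
    "authorization" => "Bearer <constructed-token>",
    "Accept"        => "*/*",
    "COOKIE"        => "sid=<constructed-value>",
]

# Cross-host redirect (samehost = false).
leaky = forwardable(headers, false, is_sensitive_exact)
safe  = forwardable(headers, false, is_sensitive)

# The exact-match predicate lets both credentials through.
@assert first.(leaky) == ["authorization", "Accept", "COOKIE"]
# The case-insensitive predicate strips them.
@assert first.(safe) == ["Accept"]
# A same-host redirect keeps everything either way.
@assert forwardable(headers, true, is_sensitive) == headers

println("exact match forwards: ", first.(leaky))
println("case-insensitive forwards: ", first.(safe))
```

A regression test for a fix along these lines should cover lowercase, uppercase and mixed-case spellings of each sensitive header.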