hackney icon indicating copy to clipboard operation
hackney copied to clipboard

Published 20 hours ago verified publisher icon benoitc

Authorization header on redirect

Open speeddragon opened this issue 2 years ago • 0 comments

Hackney send authorization header on redirect, similar issue as CVE-2018-1000007 in cURL.

cURL uses the flag --location-trusted. Should we implement something like this?

This can be seen on redirect to S3 from an API that needs Authorization.

speeddragon avatar Feb 20 '22 22:02 speeddragon