hackney
hackney copied to clipboard
Authorization header on redirect
Hackney send authorization header on redirect, similar issue as CVE-2018-1000007 in cURL.
cURL uses the flag --location-trusted
. Should we implement something like this?
This can be seen on redirect to S3 from an API that needs Authorization
.