Clear sensitive headers when redirecting to cross-site

Open kyoshidajp opened this issue 6 years ago • 0 comments

Sensitive headers (Authorization and Cookie) are sent cross-site when redirecting.

For example, the original target URL is http://example.com and it redirects to http://example.jp (cross-site). The sample code is the following.

require 'http'

HTTP.headers({Authorization: "Basic xxx", Cookie: "key=value"})
  .follow()
  .get("http://example.com")

This PR might be related to #264.

kyoshidajp Jan 02 '19 02:01
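
A sketch of the header handling this issue asks for, as an added example (not code from the http gem or from the issue author). The names `SENSITIVE_HEADERS`, `origin` and `headers_for_redirect` are hypothetical, and "cross-site" is approximated here as any change of scheme, host or port.

```ruby
require "uri"

# Credential-bearing headers named in the issue; compared case-insensitively.
SENSITIVE_HEADERS = %w[authorization cookie].freeze

# Origin tuple: scheme, host and port (URI supplies the scheme's default port,
# so "http://example.com" and "http://example.com:80" compare equal).
def origin(uri)
  [uri.scheme.downcase, uri.host.downcase, uri.port]
end

# Given the URL that produced a redirect, its Location value and the headers
# of the original request, return [next_url, headers_to_send].
# A relative Location is resolved against the current URL first, so it is
# never mistaken for a cross-site hop.
def headers_for_redirect(current_url, location, headers)
  from = URI.parse(current_url)
  to   = from.merge(location)
  return [to.to_s, headers.dup] if origin(from) == origin(to)

  # Different origin: drop Authorization and Cookie, keep everything else.
  kept = headers.reject { |name, _| SENSITIVE_HEADERS.include?(name.to_s.downcase) }
  [to.to_s, kept]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input mirroring the request in the issue.
  sent = { Authorization: "Basic xxx", Cookie: "key=value", Accept: "text/html" }
  p headers_for_redirect("http://example.com", "http://example.jp/", sent)
  p headers_for_redirect("http://example.com/a", "/b", sent)
end
```
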