[bug #56909] wget Authorization header leak via 3xx redirects

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #56909] wget Authorization header leak via 3xx redirects

From:	Cedric Buissart
Subject:	[bug #56909] wget Authorization header leak via 3xx redirects
Date:	Mon, 20 Sep 2021 14:42:00 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0

Follow-up Comment #9, bug #56909 (project wget):

How about adding a warning in the documentation and/or man page ? 
That feels like a simple solution :

- RFC is still respected, there are no change in behavior or added options
- Users have a way to be warned that manually adding Authenticate  headers (or
any headers with secret data) may be leaked on 30x response, and thus should
be manipulated with care.

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56909>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #56909] wget Authorization header leak via 3xx redirects, Cedric Buissart <=

Prev by Date: [bug #61165] On Ubuntu 20.04, page requisites not working
Next by Date: GNU Wget2 2.0.0 released
Previous by thread: [bug #61165] On Ubuntu 20.04, page requisites not working
Next by thread: GNU Wget2 2.0.0 released
Index(es):
- Date
- Thread