[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #56909] wget Authorization header leak via 3xx redirects
From: |
Cedric Buissart |
Subject: |
[bug #56909] wget Authorization header leak via 3xx redirects |
Date: |
Mon, 20 Sep 2021 14:42:00 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0 |
Follow-up Comment #9, bug #56909 (project wget):
How about adding a warning in the documentation and/or man page ?
That feels like a simple solution :
- RFC is still respected, there are no change in behavior or added options
- Users have a way to be warned that manually adding Authenticate headers (or
any headers with secret data) may be leaked on 30x response, and thus should
be manipulated with care.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?56909>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #56909] wget Authorization header leak via 3xx redirects,
Cedric Buissart <=