community
/
rclone
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
rclone/lib
History
Nick Craig-Wood bc8f0208aa rest: Remove auth headers on HTTP redirect 
Before this change the rest package would forward all the headers on
an HTTP redirect, including the Authorization: header.  This caused
problems when forwarded to a signed S3 URL ("Only one auth mechanism
allowed") as well as being a potential security risk.

After we use the go1.8+ mechanism for doing this instead of using our
own which does it correctly removing the Authorization: header when
redirecting to a different host.

This hasn't fixed the behaviour for rclone compiled with go1.7.

Fixes #2635
 		2018-10-11 21:20:33 +01:00
..
atexit atexit: prevent Run from being called on nil signal 2018-05-12 18:59:25 +02:00
dircache drive: fix DirMove leaving a hardlinked directory behind #2245 2018-04-15 10:12:21 +01:00
israce fs/asyncreader: skip some tests to work around race detector bug 2018-08-20 12:34:29 +01:00
oauthutil Implement new backend config system 2018-07-16 21:20:47 +01:00
pacer S3: Use (custom) pacer, to retry operations when reasonable - fixes #2503 2018-09-11 07:57:03 +01:00
readers readers: add NewPatternReader 2018-10-11 14:47:58 +01:00
rest rest: Remove auth headers on HTTP redirect 2018-10-11 21:20:33 +01:00