mirror of
https://github.com/caddyserver/caddy.git
synced 2025-03-06 18:32:51 +08:00
54acb9b2de
If a site owner protects a path with basicauth, no need to use the Authorization header elsewhere upstream, especially since it contains credentials. If this breaks anyone, it means they're double-dipping. It's usually good practice to clear out credentials as soon as they're not needed anymore. (Note that we only clear credentials after they're used, they stay for any other reason.)