mirror of
https://github.com/rclone/rclone.git
synced 2024-11-25 17:57:44 +08:00
bc8f0208aa
Before this change the rest package would forward all the headers on
an HTTP redirect, including the Authorization: header. This caused
problems when forwarded to a signed S3 URL ("Only one auth mechanism
allowed") as well as being a potential security risk.
After we use the go1.8+ mechanism for doing this instead of using our
own which does it correctly removing the Authorization: header when
redirecting to a different host.
This hasn't fixed the behaviour for rclone compiled with go1.7.
Fixes #2635
16 lines
309 B
Go
16 lines
309 B
Go
//+build go1.8
|
|
|
|
package rest
|
|
|
|
import (
|
|
"net/http"
|
|
)
|
|
|
|
// ClientWithHeaderReset makes a new http client which resets the
|
|
// headers passed in on redirect
|
|
//
|
|
// This is now unecessary with go1.8 so becomes a no-op
|
|
func ClientWithHeaderReset(c *http.Client, headers map[string]string) *http.Client {
|
|
return c
|
|
}
|