mirror of
https://github.com/rclone/rclone.git
synced 2024-11-30 04:23:48 +08:00
bc8f0208aa
Before this change the rest package would forward all the headers on an HTTP redirect, including the Authorization: header. This caused problems when forwarded to a signed S3 URL ("Only one auth mechanism allowed") as well as being a potential security risk. After we use the go1.8+ mechanism for doing this instead of using our own which does it correctly removing the Authorization: header when redirecting to a different host. This hasn't fixed the behaviour for rclone compiled with go1.7. Fixes #2635
16 lines
309 B
Go
16 lines
309 B
Go
//+build go1.8
|
|
|
|
package rest
|
|
|
|
import (
|
|
"net/http"
|
|
)
|
|
|
|
// ClientWithHeaderReset makes a new http client which resets the
|
|
// headers passed in on redirect
|
|
//
|
|
// This is now unecessary with go1.8 so becomes a no-op
|
|
func ClientWithHeaderReset(c *http.Client, headers map[string]string) *http.Client {
|
|
return c
|
|
}
|