Open pcriv opened 10 months ago
Currently, when following a redirect, the HTTP client keeps the auth headers which creates a problem for example when redirecting from a custom origin to s3.
HTTP
Related resources:
https://curl.se/docs/CVE-2018-1000007.html https://nvd.nist.gov/vuln/detail/CVE-2021-31879
Currently, when following a redirect, the
HTTP
client keeps the auth headers which creates a problem for example when redirecting from a custom origin to s3.Related resources:
https://curl.se/docs/CVE-2018-1000007.html https://nvd.nist.gov/vuln/detail/CVE-2021-31879