php-http / client-common

Common HTTP Client implementations and tools for HTTPlug
http://httplug.io
MIT License

remove body on redirection if needed #222

Closed dbu closed 1 year ago

dbu commented 1 year ago
| Q | A |
| --- | --- |
| Bug fix? | yes |
| New feature? | yes |
| BC breaks? | no (except when relying on the behaviour) |
| Deprecations? | no |
| Related tickets | fixes #205 |
| Documentation | https://github.com/php-http/documentation/pull/298 |
| License | MIT |

What's in this PR?

Remove the body and content-type and content-length headers when following a redirection.

Why?

Sending a body to a different target than the intended one is usually not desired and can pose a security risk.

Checklist

GrahamCampbell commented 1 year ago

~This should only be done if there's a change in origin.~ The title misled me. Having read over the diff, I see the purpose here is to remove the body on GET/HEAD redirect.

dbu commented 1 year ago

Thanks. Good point, I fixed the changelog to be clear about when we remove the body, and also explained it in the documentation.
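The behaviour discussed in this thread, as an added illustration that is not part of the PR and is not the library's code: when the redirected request is a GET or HEAD, the body and the Content-Type and Content-Length headers are dropped, matched case-insensitively. The array-based request model, the function name `followRedirect`, the choice of which status codes switch the method to GET, and the host names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from php-http/client-common.
// A request is modelled as a plain array so the script runs without Composer.

/**
 * Build the request that follows a redirect (hypothetical helper).
 * Assumption: 301, 302 and 303 switch a non-GET/HEAD method to GET;
 * 307 and 308 keep the original method and therefore the body.
 */
function followRedirect(array $request, int $status, string $location): array
{
    $next = $request;
    $next['uri'] = $location;

    $method = strtoupper($request['method']);
    if (in_array($status, [301, 302, 303], true) && !in_array($method, ['GET', 'HEAD'], true)) {
        $method = 'GET';
    }
    $next['method'] = $method;

    // A GET/HEAD follow-up must not carry the original payload or its describing headers.
    if (in_array($method, ['GET', 'HEAD'], true)) {
        $next['body'] = '';
        foreach (array_keys($next['headers']) as $name) {
            if (in_array(strtolower((string) $name), ['content-type', 'content-length'], true)) {
                unset($next['headers'][$name]);
            }
        }
    }
    return $next;
}

// Constructed sample request; note the mixed header casing.
$login = [
    'method'  => 'POST',
    'uri'     => 'https://app.example/login',
    'headers' => ['Content-Type' => 'application/x-www-form-urlencoded', 'content-length' => '27', 'Accept' => '*/*'],
    'body'    => 'user=alice&password=hunter2',
];

foreach ([302, 307] as $status) {
    $next = followRedirect($login, $status, 'https://other.example/landing');
    printf("%d -> %s %s headers=%s body=%s\n", $status, $next['method'], $next['uri'],
        json_encode(array_keys($next['headers'])), json_encode($next['body']));
}
```

Under these assumptions the 307 case keeps the POST body and its headers, so a method-preserving redirect still forwards the payload to the new target.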