Closed dbu closed 1 year ago
~This should only be done if there's a change in origin.~ The title mis-lead me. Having read over the diff, I see the purpose here is to remove the body on GET/HEAD redirect.
thanks. good point, i fixed the changelog to be clear about when we remove the body, and also explained it in the documentation
What's in this PR?
Remove the body and content-type and content-length headers when following a redirection.
Why?
Sending a body to a different target than the intended one is usually not desired and can pose a security risk.
Checklist