Filter certain headers when redirecting between different hosts - fixes

seanmonstar#10
steverob · May 13, 2017 · ed7f390 · ed7f390
1 parent cd64041
commit ed7f390
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/client.rs b/src/client.rs
@@ -5,7 +5,7 @@ use std::time::Duration;
 
 use hyper::client::IntoUrl;
 use hyper::header::{Headers, ContentType, Location, Referer, UserAgent, Accept, Encoding,
-    AcceptEncoding, Range, qitem};
+    AcceptEncoding, Range, Authorization, Cookie, qitem};
 use hyper::method::Method;
 use hyper::status::StatusCode;
 use hyper::version::HttpVersion;
@@ -313,8 +313,18 @@ impl RequestBuilder {
                         headers.set(Referer(url.to_string()));
                         urls.push(url);
                         let action = check_redirect(&client.redirect_policy.lock().unwrap(), &loc, &urls);
+
                         match action {
-                            redirect::Action::Follow => loc,
+                            redirect::Action::Follow => {
+                                let cross_host = loc.host().unwrap() != urls.last().unwrap().host().unwrap();
+                                if cross_host {
+                                    headers.remove::<Authorization<::header::Basic>>();
+                                    headers.remove::<Authorization<String>>();
+                                    headers.remove::<Authorization<::header::Bearer>>();
+                                    headers.remove::<Cookie>();
+                                }
+                                loc
+                            },
                             redirect::Action::Stop => {
                                 debug!("redirect_policy disallowed redirection to '{}'", loc);
                                 return Ok(::response::new(res, client.auto_ungzip.load(Ordering::Relaxed)));