[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects

From:	Darshit Shah
Subject:	[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects
Date:	Fri, 4 Oct 2019 15:22:19 -0400 (EDT)
User-agent:	Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0

Update of bug #56909 (project wget):

                 Privacy:                 Private => Public                 

    _______________________________________________________

Follow-up Comment #4:

I agree with Tim here that this is not a security issue.

Wget provides an option to correctly use the Authorization header. If the user
chooses to otherwise coerce Wget into doing something different, we should not
stop them from doing so.

Using `--header=Authorization: ds` means that the user is explicitly opting to
send the header everytime rather than only to a specific domain.

On your request I'm making this issue public.


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56909>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects, Darshit Shah <=
- [Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects, Ryan Blakley, 2019/10/14

Prev by Date: [Bug-wget] [bug #56992] Support --retry-on-http-error ranges
Next by Date: [Bug-wget] [bug #56992] Support --retry-on-http-error ranges
Previous by thread: [Bug-wget] [bug #56992] Support --retry-on-http-error ranges
Next by thread: [Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects
Index(es):
- Date
- Thread