[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects

Darshit Shah Fri, 04 Oct 2019 12:22:37 -0700

Update of bug #56909 (project wget):

                 Privacy:                 Private => Public


    _______________________________________________________

Follow-up Comment #4:

I agree with Tim here that this is not a security issue.

Wget provides an option to correctly use the Authorization header. If the user
chooses to otherwise coerce Wget into doing something different, we should not
stop them from doing so.

Using `--header=Authorization: ds` means that the user is explicitly opting to
send the header everytime rather than only to a specific domain.

On your request I'm making this issue public.


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56909>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects

Reply via email to