Follow-up Comment #5, bug #56909 (project wget):

Hi, I originally reported this issue. The only reason I reported it as a
security issue was due to it matching the CVE for curl. I was originally going
to report it as a bug, due to the fact it breaks pulling down files from a
generated (redirected) presigned AWS S3 download link.

I use the header option because I'd prefer not to store and/or use raw
passwords on a system. Storing the auth header isn't secure by any means, but
it's better than raw username and password stored in a file. But as it stands
I have to use raw username and password to be able to pull down files from a
presigned S3 link if using wget. This is because when using the auth header it
is forwarded to AWS, and AWS throws an "ERROR 400: Bad Request" every time.

Would it be possible to add a parameter to not forward the auth header on
redirects, or make it default to not forwarding unless you pass a parameter
telling it to forward the header like curl implemented?

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?56909>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
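
The behaviour requested in the comment above (keep the auth header on a same-origin redirect, drop it when the redirect leaves the origin unless the caller opts in), sketched with Python's urllib. This is an added example, not wget or curl code; the handler name, the `trust_redirects` flag, the set of headers treated as sensitive and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit
from urllib.request import HTTPRedirectHandler, Request

# Assumption: headers that carry credentials and belong to one origin only.
SENSITIVE = {"authorization", "cookie"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(headers, from_url, to_url, trust_redirects=False):
    """Drop credential headers when a redirect leaves the original origin."""
    if trust_redirects or origin(from_url) == origin(to_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}


class OriginBoundRedirectHandler(HTTPRedirectHandler):
    """Hypothetical urllib handler applying headers_for_redirect per hop."""

    def __init__(self, trust_redirects=False):
        self.trust_redirects = trust_redirects

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # The stock handler copies every request header onto the new request.
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None:
            new.headers = headers_for_redirect(
                new.headers, req.full_url, newurl, self.trust_redirects)
        return new


def follow_once(url, headers, location, trust_redirects=False):
    """Build the request urllib would send after a 302; no network I/O."""
    handler = OriginBoundRedirectHandler(trust_redirects)
    new = handler.redirect_request(
        Request(url, headers=headers), None, 302, "Found", {}, location)
    return new.full_url, dict(new.headers)


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    print(follow_once("https://files.example.com/get/report.bin",
                      {"Authorization": "Bearer constructed-token"},
                      "https://bucket.s3.example.net/report.bin?sig=constructed"))
```

To use it for real transfers, pass the handler to `urllib.request.build_opener()`.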

