Thirdparty site authorization header leak in mirror/wget

[王念]

wget does not filter the redirected request header, and will pass the 
Authorization request header of the first request to the redirected service, 
resulting in the leakage of the Authorization request