Katsuhiko YOSHIDA <clad...@gmail.com> added the comment:

Thanks. But I think the “add_unredirected_header” is not enough.
These sensitive headers should be removed only when redirecting to cross-site automatically for security, like HTTPBasicAuthHandler of urllib2. In order to fulfill this requirement, I think the operation should be in HTTPRedirectHandler.redirect_request.

----------
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33661>
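The approach proposed in the comment above, sketched as an added example (not code from the original message or from CPython): a subclass of `urllib.request.HTTPRedirectHandler` whose `redirect_request` drops sensitive headers only when the redirect target is a different origin. The header set, the origin comparison and the names `SENSITIVE_HEADERS`, `origin` and `StripOnCrossSiteRedirectHandler` are assumptions made for the illustration.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumption: the message does not enumerate the sensitive headers;
# this set is chosen for the illustration.
SENSITIVE_HEADERS = frozenset({"authorization", "proxy-authorization", "cookie"})

_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or _DEFAULT_PORTS.get(scheme)


class StripOnCrossSiteRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Hypothetical handler: keep headers on same-origin redirects only."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # The stock implementation copies the caller's regular headers
        # (except content headers) onto the follow-up request.
        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new_req is None:
            return None
        # A scheme, host or port change counts as cross-site here, so an
        # https -> http downgrade on the same host also strips the headers.
        if origin(req.full_url) != origin(newurl):
            for name in list(new_req.headers):
                if name.lower() in SENSITIVE_HEADERS:
                    del new_req.headers[name]
        return new_req


def follow_up_headers(start_url, target_url, request_headers):
    """Offline check: headers the redirected request would carry (no network)."""
    req = urllib.request.Request(start_url, headers=request_headers)
    handler = StripOnCrossSiteRedirectHandler()
    new_req = handler.redirect_request(req, None, 302, "Found", {}, target_url)
    return dict(new_req.headers)
```

Passing an instance to `urllib.request.build_opener()` replaces the default redirect handler, because `build_opener` skips a default handler when a subclass of it is supplied.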