Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-86385

QNetworkAccessManager will pass Authorization header to a different origin

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 5.13.2
    • Network: HTTP

    Description

      With FollowRedirectsAttribute enabled, the Authorization header is not being removed from the request headers when the request redirects to a different origin.

      If the new request doesn't match the existing request's hostname; the "Authorization" header must be removed before sending the second request. Currently, this will leak the contents of the header to the destination server.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            manordheim MÃ¥rten Nordheim
            james_emerton James Emerton
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Gerrit Reviews

                There are no open Gerrit changes