Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-86385

QNetworkAccessManager will pass Authorization header to a different origin

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: P2: Important P2: Important
    • None
    • 5.13.2
    • Network: HTTP

      With FollowRedirectsAttribute enabled, the Authorization header is not being removed from the request headers when the request redirects to a different origin.

      If the new request doesn't match the existing request's hostname; the "Authorization" header must be removed before sending the second request. Currently, this will leak the contents of the header to the destination server.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            manordheim MÃ¥rten Nordheim
            james_emerton James Emerton
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:

                There are no open Gerrit changes