Message317818
| Author |
Ivan.Pozdeev |
| Recipients |
Ivan.Pozdeev, alex, artem.smotrakov, orsenthil |
| Date |
2018年05月28日.00:11:19 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1527466280.44.0.682650639539.issue33661@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
According to https://stackoverflow.com/questions/1969709/how-to-forward-headers-on-http-redirect , there's nothing in the specs that mention (even the possibility) of any special request header processing.
According to https://tools.ietf.org/html/rfc7231#section-6.4 , redirection targets are to be treated as effectively equal to the original URL.
So, there aren't any grounds for the proposed filtering from web standards' POV.
Neither are there from security POV:
once you have given your credentials to a server, it is free to do whatever it wants with them. So, by giving them, you have effectively put down your signature that you trust the server with your data -- which implies trusting its advice where to resend it.
The server could as well do that resending itself and passed you the end result. So, your proposed filtering does not actually achieve anything meaningful.1 |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2018年05月28日 00:11:20 | Ivan.Pozdeev | set | recipients:
+ Ivan.Pozdeev, orsenthil, alex, artem.smotrakov |
| 2018年05月28日 00:11:20 | Ivan.Pozdeev | set | messageid: <1527466280.44.0.682650639539.issue33661@psf.upfronthosting.co.za> |
| 2018年05月28日 00:11:20 | Ivan.Pozdeev | link | issue33661 messages |
| 2018年05月28日 00:11:19 | Ivan.Pozdeev | create |
|