author | Thom May <thom@may.lt> | 2018-03-15 10:17:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-15 10:17:24 +0000 |
commit | 29c116294399a48cce193f206abd4c6ef2faaaea (patch) | |
tree | 010fb8b83d1b3c3a539931d93288512f40efbe30 | |
parent | 9438f510abc4b8bf28ec58038c21ff5f5211c750 (diff) | |
parent | 08b31872bf4094bbef474cae6de6c90fb4245a99 (diff) | |
download | chef-29c116294399a48cce193f206abd4c6ef2faaaea.tar.gz |
Merge pull request #6985 from bugok/http_auth_header
Stripping out Authorization header on redirect to a different host
-rw-r--r-- | lib/chef/http.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/chef/http.rb b/lib/chef/http.rb
index 241806da4e..a10906443b 100644
--- a/lib/chef/http.rb
+++ b/lib/chef/http.rb
@@ -381,7 +381,9 @@ class Chef
 elsif redirect_location = redirected_to(response)
 if [:GET, :HEAD].include?(method)
 follow_redirect do
- send_http_request(method, url + redirect_location, headers, body, &response_handler)
+ redirected_url = url + redirect_location
+ headers.delete("Authorization") if url.host != redirected_url.host
+ send_http_request(method, redirected_url, headers, body, &response_handler)
 end
 else
 raise Exceptions::InvalidRedirect, "#{method} request was redirected from #{url} to #{redirect_location}. Only GET and HEAD support redirects." |
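Review bot: The new guard `url.host != redirected_url.host` compares the host name only, so a redirect that keeps the host but changes scheme or port (for example https to http) still carries the Authorization header to what is effectively a different origin. Comparing the full triple would close that gap: `headers.delete("Authorization") if [url.scheme, url.host, url.port] != [redirected_url.scheme, redirected_url.host, redirected_url.port]` (assuming both are URI objects, as `url + redirect_location` suggests). `Hash#delete` also matches the key exactly, so a caller-supplied `authorization` in another letter case would survive, and the call mutates the hash the caller passed in; building a filtered copy of `headers` for the redirected request would avoid both. The enclosing method starts and ends outside the hunk, so whether `headers` is reused after this call cannot be confirmed from here.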