cookies: skip custom cookies when redirecting cross-site

Closes #3417
author: Katsuhiko YOSHIDA <claddvd@gmail.com> 2018-12-30 09:44:30 +0900
committer: Daniel Stenberg <daniel@haxx.se> 2019-01-09 15:18:08 +0100
commit: 1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 (patch)
tree: 3515976f028d9876632c34e52c2321c15c986fcb /docs/libcurl/opts/CURLOPT_HTTPHEADER.3
parent: 89165c1a947e8c91ca1b380b3a543eb1034f4969 (diff)
download: curl-1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
index bc070915d..9579fc41b 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
@@ -87,6 +87,10 @@ those servers will get all the contents of your custom headers too.
 Starting in 7.58.0, libcurl will specifically prevent "Authorization:" headers
 from being sent to other hosts than the first used one, unless specifically
 permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
+
+Starting in 7.64.0, libcurl will specifically prevent "Cookie:" headers
+from being sent to other hosts than the first used one, unless specifically
+permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
author	Katsuhiko YOSHIDA <claddvd@gmail.com>	2018-12-30 09:44:30 +0900
committer	Daniel Stenberg <daniel@haxx.se>	2019-01-09 15:18:08 +0100
commit	1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4 (patch)
tree	3515976f028d9876632c34e52c2321c15c986fcb /docs/libcurl/opts/CURLOPT_HTTPHEADER.3
parent	89165c1a947e8c91ca1b380b3a543eb1034f4969 (diff)
download	curl-1f30dc886d1a4a6e81599a9f5f5e9f60d97801d4.tar.gz