http: prevent custom Authorization headers in redirects

... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
author: Daniel Stenberg <daniel@haxx.se> 2018-01-19 13:19:25 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2018-01-22 10:00:00 +0100
commit: af32cd3859336ab963591ca0df9b1e33a7ee066b (patch)
tree: ae91ca52a3cbbfabe89c74dda181abbbc40c1150 /lib/urldata.h
parent: 993dd5651a6c853bfe3870f6a69c7b329fa4e8ce (diff)
download: curl-af32cd3859336ab963591ca0df9b1e33a7ee066b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/urldata.h b/lib/urldata.h
index 4dcd1a322..5c04ad172 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1599,7 +1599,7 @@ struct UserDefined {
   bool http_keep_sending_on_error; /* for HTTP status codes >= 300 */
   bool http_follow_location; /* follow HTTP redirects */
   bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
-  bool http_disable_hostname_check_before_authentication;
+  bool allow_auth_to_other_hosts;
   bool include_header;   /* include received protocol headers in data output */
   bool http_set_referer; /* is a custom referer used */
   bool http_auto_referer; /* set "correct" referer when following location: */
author	Daniel Stenberg <daniel@haxx.se>	2018-01-19 13:19:25 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2018-01-22 10:00:00 +0100
commit	af32cd3859336ab963591ca0df9b1e33a7ee066b (patch)
tree	ae91ca52a3cbbfabe89c74dda181abbbc40c1150 /lib/urldata.h
parent	993dd5651a6c853bfe3870f6a69c7b329fa4e8ce (diff)
download	curl-af32cd3859336ab963591ca0df9b1e33a7ee066b.tar.gz