This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Ivan.Pozdeev
Recipients Ivan.Pozdeev, alex, artem.smotrakov, orsenthil
Date 2018-05-28.00:11:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1527466280.44.0.682650639539.issue33661@psf.upfronthosting.co.za>
In-reply-to
Content 
According to https://stackoverflow.com/questions/1969709/how-to-forward-headers-on-http-redirect , there's nothing in the specs that mention (even the possibility) of any special request header processing.

According to https://tools.ietf.org/html/rfc7231#section-6.4 , redirection targets are to be treated as effectively equal to the original URL.

So, there aren't any grounds for the proposed filtering from web standards' POV.


Neither are there from security POV:
once you have given your credentials to a server, it is free to do whatever it wants with them. So, by giving them, you have effectively put down your signature that you trust the server with your data -- which implies trusting its advice where to resend it.
The server could as well do that resending itself and passed you the end result. So, your proposed filtering does not actually achieve anything meaningful.1
History
Date User Action Args
2018-05-28 00:11:20Ivan.Pozdeevsetrecipients: + Ivan.Pozdeev, orsenthil, alex, artem.smotrakov
2018-05-28 00:11:20Ivan.Pozdeevsetmessageid: <1527466280.44.0.682650639539.issue33661@psf.upfronthosting.co.za>
2018-05-28 00:11:20Ivan.Pozdeevlinkissue33661 messages
2018-05-28 00:11:19Ivan.Pozdeevcreate