|
From: | Darshit Shah |
Subject: | [Bug-wget] [bug #56909] wget Authorization header leak via 3xx redirects |
Date: | Fri, 4 Oct 2019 15:22:19 -0400 (EDT) |
User-agent: | Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0 |
Update of bug #56909 (project wget): Privacy: Private => Public _______________________________________________________ Follow-up Comment #4: I agree with Tim here that this is not a security issue. Wget provides an option to correctly use the Authorization header. If the user chooses to otherwise coerce Wget into doing something different, we should not stop them from doing so. Using `--header=Authorization: ds` means that the user is explicitly opting to send the header everytime rather than only to a specific domain. On your request I'm making this issue public. _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?56909> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |