root/golib
1
0
Fork 0
mirror of https://github.com/therootcompany/golib.git synced 2026-04-24 20:58:00 +00:00
Code Issues Projects Releases Wiki Activity

fix: restore auth stripping on redirect, keyed off AuthHeader

Browse Source
This commit is contained in:
AJ ONeal 2026-04-20 09:59:27 -06:00
parent 3feb248ce1
commit 4e8321af97
No known key found for this signature in database
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
net/httpcache/httpcache.go
View File

@ -121,6 +121,15 @@ func (c *Cacher) Fetch() (updated bool, err error) {
} }
client := &http.Client{Timeout: timeout, Transport: transport} client := &http.Client{Timeout: timeout, Transport: transport}
if c.AuthHeader != "" {
// Strip auth before following any redirect — redirect targets (e.g.
// presigned S3/R2 URLs) must not receive our credentials.
authHeader := c.AuthHeader
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
req.Header.Del(authHeader)
return nil
}
}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {