Change #272908
| Category | curl |
| Changed by | Alhuda Khan <al.hudz.k@gmail.com> |
| Changed at | Fri 26 Jun 2026 14:50:04 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | a36384ab94b868b70b39209ced3e89927a14922d |
Comments
http: trim custom header name before the Authorization drop A custom header name padded with blanks (`Authorization :`) missed the exact-length compare and slipped past the cross-host Authorization and Cookie drop, forwarding the header to the redirect target. Trim the parsed name in both the request and proxy CONNECT header builders. Closes #22178
Changed files
- lib/http.c
- lib/http_proxy.c
- tests/data/Makefile.am
- tests/data/test2113