Warn the user when Authorization header is dropped from the request #9694
Comments
Sorry, I really doubt if the warning is suitable for the described scenario. Do you have an example of any alternative library that raises a warning on redirection?
Actually I was previously using the I think it would save debugging time for developers if they would know of this behavior either through a warning or through some other means.
Might be ok to keep the auth header on redirect to same origin when it's an upgrade from http to https but not when it's a downgrade from https to http. I couldn't find RFC guidance on the topic but maybe someone else knows.
I thought this had come up before and we did change it to that behaviour...
Yeah, looks to me like that should work: Lines 740 to 744 in 753460d
Maybe logging is slightly better than raising a warning?
Logging would be more appropriate, but I'm not too sure that it's worth doing as this should be standard behaviour on all libraries.
Do you have a reproducer for this? Seems like this should have been working, so there may be an actual bug here.
If
Is your feature request related to a problem?
As per the documentation -
However this happens silently and can lead to confusion for the programmer.
Describe the solution you'd like
The library should throw a warning letting the user know that the header has been dropped.
I went through the code and it seems the change below should be sufficient -
Describe alternatives you've considered
Related component
Client
Additional context
No response
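The policy suggested in the comments (keep `Authorization` on a same-host http to https upgrade, drop it on a downgrade or a host change, and log the drop) looks like this in code. This is an added example, not aiohttp's code and not part of the issue; the function names, the logger name, the default-port rule for upgrades and the `example.test` URLs are assumptions, and redirect URLs are assumed to be already resolved to absolute form.

```python
import logging
from urllib.parse import urlsplit

log = logging.getLogger("redirect_auth")  # hypothetical logger name

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def keep_authorization(original_url, redirect_url):
    """Decide whether Authorization may follow a redirect."""
    o_scheme, o_host, o_port = _origin(original_url)
    r_scheme, r_host, r_port = _origin(redirect_url)
    if not o_host or o_host != r_host:
        return False  # different host: never forward credentials
    if (o_scheme, o_port) == (r_scheme, r_port):
        return True  # same scheme, host and port
    # Assumption: an http -> https upgrade is accepted only on default ports.
    return (o_scheme, o_port, r_scheme, r_port) == ("http", 80, "https", 443)


def headers_for_redirect(headers, original_url, redirect_url):
    """Return a copy of headers for the redirected request, logging any drop."""
    out = dict(headers)
    if keep_authorization(original_url, redirect_url):
        return out
    dropped = [k for k in out if k.lower() == "authorization"]
    for k in dropped:
        del out[k]
    if dropped:
        # Log scheme, host and port only, never the header value.
        log.warning("Authorization header dropped on redirect from %s to %s",
                    "%s://%s:%s" % _origin(original_url),
                    "%s://%s:%s" % _origin(redirect_url))
    return out
```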