Nick Craig-Wood bc8f0208aa rest: Remove auth headers on HTTP redirect ...

Before this change the rest package would forward all the headers on
an HTTP redirect, including the Authorization: header.  This caused
problems when forwarded to a signed S3 URL ("Only one auth mechanism
allowed") as well as being a potential security risk.

After we use the go1.8+ mechanism for doing this instead of using our
own which does it correctly removing the Authorization: header when
redirecting to a different host.

This hasn't fixed the behaviour for rclone compiled with go1.7.

Fixes #2635

2018-10-11 21:20:33 +01:00

..

atexit

atexit: prevent Run from being called on nil signal

2018-05-12 18:59:25 +02:00

dircache

drive: fix DirMove leaving a hardlinked directory behind #2245

2018-04-15 10:12:21 +01:00

israce

fs/asyncreader: skip some tests to work around race detector bug

2018-08-20 12:34:29 +01:00

oauthutil

Implement new backend config system

2018-07-16 21:20:47 +01:00

pacer

S3: Use (custom) pacer, to retry operations when reasonable - fixes #2503

2018-09-11 07:57:03 +01:00

readers

readers: add NewPatternReader

2018-10-11 14:47:58 +01:00

rest

rest: Remove auth headers on HTTP redirect

2018-10-11 21:20:33 +01:00