Add control so that Authorization: headers aren't forwarded on a 3xx response by default.

author: Joe Gregorio <jcgregorio@google.com> 2012-07-23 14:45:17 -0400
committer: Joe Gregorio <jcgregorio@google.com> 2012-07-23 14:45:17 -0400
commit: b30ed37f0c2209a7f2397c8e7b8d4d252fa16262 (patch)
tree: 011c79385c9d239d8927a6c8295ff215e9ecf85d /python3
parent: 9f1f9ede0faf3f36b8f463f781b9860d8c56009a (diff)
download: httplib2-b30ed37f0c2209a7f2397c8e7b8d4d252fa16262.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
index 3ab36a6..5608baa 100644
--- a/python3/httplib2/__init__.py
+++ b/python3/httplib2/__init__.py
@@ -858,6 +858,9 @@ and more.
 
         self.timeout = timeout
 
+        # Keep Authorization: headers on a redirect.
+        self.forward_authorization_headers = False
+
     def _auth_from_challenge(self, host, request_uri, headers, response, content):
         """A generator that creates Authorization objects
            that can be applied to requests.
@@ -990,6 +993,8 @@ and more.
                         del headers['if-none-match']
                     if 'if-modified-since' in headers:
                         del headers['if-modified-since']
+                    if 'authorization' in headers and not self.forward_authorization_headers:
+                        del headers['authorization']
                     if 'location' in response:
                         location = response['location']
                         old_response = copy.deepcopy(response)
author	Joe Gregorio <jcgregorio@google.com>	2012-07-23 14:45:17 -0400
committer	Joe Gregorio <jcgregorio@google.com>	2012-07-23 14:45:17 -0400
commit	b30ed37f0c2209a7f2397c8e7b8d4d252fa16262 (patch)
tree	011c79385c9d239d8927a6c8295ff215e9ecf85d /python3
parent	9f1f9ede0faf3f36b8f463f781b9860d8c56009a (diff)
download	httplib2-b30ed37f0c2209a7f2397c8e7b8d4d252fa16262.tar.gz