Re: [whatwg/fetch] Do redirects copy the headers from the initial requests (#553) from Patrick Toomey on 2019-09-30 (public-webapps-github@w3.org from September 2019)

From: Patrick Toomey <notifications@github.com>
Date: Mon, 30 Sep 2019 12:25:42 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/553/536714165@github.com>

Stumbled upon this thread and had a question about this as it relates to things like an `Authorization` header. In talking to a developer I work with, they noticed that it appeared the the authorization header is sent in the redirect request. That seems unexpected/risky since the redirect is to another domain. Is that expected behavior? 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/553#issuecomment-536714165

Received on Monday, 30 September 2019 19:26:04 UTC