Clear host header for cross-domain redirection #32

VoidMonk · 2017-05-24T00:38:27Z

Found a minor issue: if a request redirects from hostname A to hostname B, then the host header from the previous request must be cleared, else it will return a HTTP error 404 (or similar) from the destination server of hostname B.

Example httpbin test URL: https://httpbin.org/redirect-to?url=http%3A%2F%2Fexample.com%2F (redirects from httpbin.org to example.com).

Possible fix: add delete opts.headers['host'] to clear previous request's host header in parseOptsUrl() around line 103.

As a sidenote, you probably don't need delete opts.url in parseOptsUrl() at line 103. Should be safe to keep opts.url.

The text was updated successfully, but these errors were encountered:

feross · 2018-04-24T19:37:52Z

For what it's worth, request opted to not fix this issue, i.e. to leave the Host header intact on redirects. But I think it's more sensible to remove it. psf/requests#2366

Fixed in 2.7.1.

#32

- clearer code when detecting if a custom 'accept-encoding' header is being used. - allows any casing of `Host`/`host`/`HoSt` header to be removed upon redirect, making the fix to #32 more robust

feross added a commit that referenced this issue Apr 24, 2018

test: Add failing test for #32

ffdd674

#32

feross closed this as completed in 1ec2322 Apr 24, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clear host header for cross-domain redirection #32

Clear host header for cross-domain redirection #32

VoidMonk commented May 24, 2017

feross commented Apr 24, 2018

Clear host header for cross-domain redirection #32

Clear host header for cross-domain redirection #32

Comments

VoidMonk commented May 24, 2017

feross commented Apr 24, 2018