Filter certain headers when redirecting between different hosts - fixes

seanmonstar#10

src/client.rs

@@ -313,8 +313,16 @@ impl RequestBuilder {
                         headers.set(Referer(url.to_string()));
                         urls.push(url);
                         let action = check_redirect(&client.redirect_policy.lock().unwrap(), &loc, &urls);
+
                         match action {
-                            redirect::Action::Follow => loc,
+                            redirect::Action::Follow => {
+                                let cross_host = loc.host().unwrap() != urls.last().unwrap().host().unwrap();
+                                if cross_host {
+                                    headers.remove::<::header::Authorization>();
+                                    headers.remove::<::header::Cookie>();
+                                }
+                                loc
+                            },
                             redirect::Action::Stop => {
                                 debug!("redirect_policy disallowed redirection to '{}'", loc);
                                 return Ok(::response::new(res, client.auto_ungzip.load(Ordering::Relaxed)));