[PR #378] [MERGED] Fix header behavior on cross-origin redirects #656

Closed
opened 2026-04-16 15:21:02 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/mountain-loop/yaak/pull/378
Author: @gschier
Created: 2/1/2026
Status: Merged
Merged: 2/3/2026
Merged by: @gschier

Base: main ← Head: fix-redirects


📝 Commits (1)

  • 8e4fc67 Fix sensitive headers leaking on cross-origin redirects

📊 Changes

1 file changed (+165 additions, -2 deletions)

📝 crates/yaak-http/src/transaction.rs (+165 -2)

📄 Description

Summary

  • Strip sensitive headers (Authorization, Cookie, cookie2, Proxy-Authorization, WWW-Authenticate) when following redirects to a different host/port
  • Matches reqwest's remove_sensitive_headers() behavior exactly

Fixes https://feedback.yaak.app/p/strange-basic-auth-behaviour-in-202612


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
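
The rule stated in the description, as an added standard-library-only illustration (not code from this PR, from Yaak, or from reqwest): headers are kept only when host and effective port are unchanged, so an explicit default port is same-origin while a scheme change is not. The function names, the tiny URL parser, and the fail-closed handling of unparseable URLs are assumptions of this example.

```rust
// Added example: not Yaak's or reqwest's source; all names here are hypothetical.
const SENSITIVE: [&str; 5] =
    ["authorization", "cookie", "cookie2", "proxy-authorization", "www-authenticate"];

/// (lowercased host, explicit port or scheme default) of an absolute http(s) URL.
/// Deliberately minimal parser so the example needs only the standard library.
fn host_port(url: &str) -> Option<(String, u16)> {
    let (scheme, rest) = url.split_once("://")?;
    let default = match scheme.to_ascii_lowercase().as_str() {
        "http" => 80,
        "https" => 443,
        _ => return None,
    };
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    let hostport = authority.rsplit('@').next()?; // ignore any userinfo
    // Treat the text after the last ':' as a port only if it is all digits,
    // so a bracketed IPv6 literal without a port stays intact.
    match hostport.rsplit_once(':') {
        Some((h, p)) if !p.is_empty() && p.bytes().all(|b| b.is_ascii_digit()) => {
            Some((h.to_ascii_lowercase(), p.parse::<u16>().ok()?))
        }
        _ => Some((hostport.to_ascii_lowercase(), default)),
    }
}

/// Removes the sensitive headers when `next` differs from `prev` in host or
/// effective port; returns true if it stripped. Assumption of this example:
/// a URL that cannot be parsed counts as a different origin (fail closed).
fn strip_on_cross_origin(headers: &mut Vec<(String, String)>, prev: &str, next: &str) -> bool {
    let same = match (host_port(prev), host_port(next)) {
        (Some(a), Some(b)) => a == b,
        _ => false,
    };
    if !same {
        // Header names are case-insensitive, so compare without regard to case.
        headers.retain(|(name, _)| !SENSITIVE.iter().any(|s| name.eq_ignore_ascii_case(s)));
    }
    !same
}

fn main() {
    // Constructed request headers: Basic credentials plus one harmless header.
    let mut h = vec![
        ("Authorization".to_string(), "Basic ZGVtbzpkZW1v".to_string()),
        ("Accept".to_string(), "*/*".to_string()),
    ];
    let hit = strip_on_cross_origin(&mut h, "https://api.example.test/a", "https://cdn.example.test/b");
    println!("stripped={hit} remaining={h:?}");
}
```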

GiteaMirror added the pull-request label 2026-04-16 15:21:02 -05:00
Reference: github-starred/yaak#656