Descriptionnet/http: Fix authentication info leakage in Referer header (potential security risk)
http.Client calls URL.String() to fill in the Referer header, which may
contain authentication info. This patch removes authentication info from the Referer header without introducing any API changes.
A new test for net/http is also provided.
Patch Set 1 #Patch Set 2 : diff -r 1faca3687fe6 https://code.google.com/p/go #Patch Set 3 : diff -r 1faca3687fe6 https://code.google.com/p/go #Patch Set 4 : diff -r b2560a1d1e52 https://code.google.com/p/go #Patch Set 5 : diff -r b2560a1d1e52 https://code.google.com/p/go #
Total comments: 1
Patch Set 6 : diff -r 654ca7de0282 https://code.google.com/p/go #
MessagesTotal messages: 16
|