Descriptionnet/http: Fix authentication info leakage in Referer header (potential security risk)
http.Client calls URL.String() to fill in the Referer header, which may
contain authentication info. This patch removes authentication info from
the Referer header without introducing any API changes.
A new test for net/http is also provided.
That's the polished version of CL 9766046. It should handle https Referer right.
Related to CL: https://codereview.appspot.com/9766046/
Fixes issue 8417.
Patch Set 1 #Patch Set 2 : diff -r bc0fe81c7252a5597bbc02c82f6a09f649c3e91e https://code.google.com/p/go #Patch Set 3 : diff -r be3fe3a1120009c4d0b9b5d497b0c8d274177292 https://code.google.com/p/go #
Total comments: 6
Patch Set 4 : diff -r 442fb01a3731b772e7e6f73b0edc4de2d81e4efc https://code.google.com/p/go #
MessagesTotal messages: 7
|