Ah yes, another option could indeed be a way to solve it. Alternatively, we introduce a second value to set CURLOPT_UNRESTRICTED_AUTH to, to have it also affect custom Authorization: headers. Ĺike make it a bitfield or something.

---
** [bugs:#1421] Custom Authorization is sent with CURLOPT_UNRESTRICTED_AUTH**
**Status:** open
**Labels:** Authorization CURLOPT_UNRESTRICTED_AUTH 
**Created:** Wed Sep 03, 2014 01:16 PM UTC by lietus
**Last Updated:** Thu Sep 04, 2014 02:13 PM UTC
**Owner:** Daniel Stenberg
Hi,

-----
Reproduce with:

Setup: 
    curl_easy_setopt (m_curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_easy_setopt (m_curl, CURLOPT_UNRESTRICTED_AUTH, 0L);
    Authorization header set with CURLOPT_HTTPHEADER

Case: 
    HttpStatus Found with redirect to different host

Result: 
    Authorization header is sent to different host

Expected: 
    (fails) Authorization header is not sent when redirecting to different host
-----

This does not seem to be by design. We are using token based authorization, so curl API for setting USERNAME and PASSWORD authentication cannot be used.

Related code: 
http.c(717): result = output_auth_headers(conn, authhost, request, path, FALSE);

Thanks
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.