So, any chance you can write up a patch for this and send to the curl-library mailing list for discussion and review?

---
** [bugs:#1421] Custom Authorization is sent with CURLOPT_UNRESTRICTED_AUTH**
**Status:** open
**Labels:** Authorization CURLOPT_UNRESTRICTED_AUTH 
**Created:** Wed Sep 03, 2014 01:16 PM UTC by lietus
**Last Updated:** Fri Sep 05, 2014 08:08 AM UTC
**Owner:** Daniel Stenberg
Hi,
-----
Reproduce with:
Setup: 
    curl_easy_setopt (m_curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_easy_setopt (m_curl, CURLOPT_UNRESTRICTED_AUTH, 0L);
    Authorization header set with CURLOPT_HTTPHEADER
Case: 
    HttpStatus Found with redirect to different host
Result: 
    Authorization header is sent to different host
Expected: 
    (fails) Authorization header is not sent when redirecting to different host
-----
This does not seem to be by design. We are using token based authorization, so curl API for setting USERNAME and PASSWORD authentication cannot be used.
Related code: 
http.c(717): result = output_auth_headers(conn, authhost, request, path, FALSE);
Thanks
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.