github.com/rigado/snapd@v2.42.5-go-mod+incompatible/httputil/redirect17.go (about) 1 // +build !go1.8 2 3 /* 4 * Copyright (C) 2016-2017 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package httputil 21 22 import ( 23 "net/http" 24 "strings" 25 ) 26 27 func fixupHeadersForRedirect(req *http.Request, via []*http.Request) { 28 // preserve some headers across redirects (needed for the CDN) 29 // (this is done automatically, slightly more cleanly, from 1.8) 30 for k, v := range via[0].Header { 31 switch strings.ToLower(k) { 32 case "authorization", "www-authenticate", "cookie", "cookie2": 33 // Do not copy sensitive headers across 34 // redirects. For rationale for which headers and 35 // why, see https://golang.org/pkg/net/http/#Client 36 default: 37 req.Header[k] = v 38 } 39 } 40 }