github.com/rigado/snapd@v2.42.5-go-mod+incompatible/httputil/redirect17.go

github.com/rigado/snapd@v2.42.5-go-mod+incompatible/httputil/redirect17.go (about)

     1  // +build !go1.8
     2  
     3  /*
     4   * Copyright (C) 2016-2017 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package httputil
    21  
    22  import (
    23  	"net/http"
    24  	"strings"
    25  )
    26  
    27  func fixupHeadersForRedirect(req *http.Request, via []*http.Request) {
    28  	// preserve some headers across redirects (needed for the CDN)
    29  	// (this is done automatically, slightly more cleanly, from 1.8)
    30  	for k, v := range via[0].Header {
    31  		switch strings.ToLower(k) {
    32  		case "authorization", "www-authenticate", "cookie", "cookie2":
    33  			// Do not copy sensitive headers across
    34  			// redirects. For rationale for which headers and
    35  			// why, see https://golang.org/pkg/net/http/#Client
    36  		default:
    37  			req.Header[k] = v
    38  		}
    39  	}
    40  }