[22] Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline #442
Labels
No labels
blocked
duplicate
enhancement
good first issue
help wanted
invalid
needs criteria
needs estimate
needs testing
question
type
admin
type
bug
type
change
type
defect
type
dependencies
type
documentation
type
epic
type
incident
type
investigation
type
spike
type
story
type
subtask
wontfix
blocked
duplicate
needs criteria
needs designs
needs estimate
needs testing
question
type
admin
type
alert
type
bug
type
defect
type
dependencies
type
design
type
documentation
type
epic
type
incident
type
investigation
type
spike
type
story
won't fix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: RabbitLabs/vylbot-app#442
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Package: undici (npm)
Affected versions: < 5.28.4
Patched version: 5.28.4
GitHub
Impact
Undici cleared Authorization and Proxy-Authorization headers for
fetch()
, but did not clear them forundici.request()
.Patches
This has been patched in nodejs/undici.
Fixes has been released in v5.28.4 and v6.11.1.
Workarounds
use
fetch()
or disablemaxRedirections
.References
Linzi Shang reported this.