You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low severity
GitHub Reviewed
Published
Apr 4, 2024
in
nodejs/undici
•
Updated Dec 18, 2024
Impact
Undici cleared Authorization and Proxy-Authorization headers for
fetch()
, but did not clear them forundici.request()
.Patches
This has been patched in nodejs/undici@6805746.
Fixes has been released in v5.28.4 and v6.11.1.
Workarounds
use
fetch()
or disablemaxRedirections
.References
Linzi Shang reported this.
References