follow-redirects 1.14.6 → 1.14.7


Potentially problematic release.



Files changed (2) hide show
  1. package/index.js +2 -2
  2. package/package.json +1 -1
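--- a/package/index.js
+++ b/package/index.js
@@ -392,9 +392,9 @@ RedirectableRequest.prototype._processResponse = function (response) {
  var redirectUrlParts = url.parse(redirectUrl);
  Object.assign(this._options, redirectUrlParts);
 
- // Drop the Authorization header if redirecting to another domain
+ // Drop the confidential headers when redirecting to another domain
  if (!(redirectUrlParts.host === currentHost || isSubdomainOf(redirectUrlParts.host, currentHost))) {
- removeMatchingHeaders(/^authorization$/i, this._options.headers);
+ removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
  }
 
  // Evaluate the beforeRedirect callback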
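Review bot: The guard around `removeMatchingHeaders` compares only `redirectUrlParts.host` with `currentHost`, so a redirect that stays on the same host or a subdomain but changes scheme from https to http would still carry `Authorization` and `Cookie`, now in cleartext. Unless the protocol is checked elsewhere in `_processResponse` (the function starts before and continues past this hunk), the condition should also strip on a downgrade, for example `var isDowngrade = currentProtocol === "https:" && redirectUrlParts.protocol !== "https:";` and `if (isDowngrade || !(/* existing host test */)) {`, where `currentProtocol` is a placeholder for a value captured next to `currentHost`. The header list is also a closed pattern: `Proxy-Authorization` and application-specific credential headers are not matched, so the comment could say `// Only Authorization and Cookie are stripped; callers must remove any custom credential headers in beforeRedirect`.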
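--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "follow-redirects",
- "version": "1.14.6",
+ "version": "1.14.7",
  "description": "HTTP and HTTPS modules that follow redirects.",
  "license": "MIT",
  "main": "index.js",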