libfetch: keep http auth only if redirect is for the same host

fixes #10688
2020-10-06 11:22:55 +03:00 · 2020-10-06 11:22:55 +03:00 · 7158474f1b
parent dac30d5049
commit 7158474f1b
1 changed files with 7 additions and 1 deletions
--- a/libfetch/http.c
+++ b/libfetch/http.c
@ -1070,7 +1070,13 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 					/* XXX should set an error code */
 					goto ouch;
 				}
-				if (!*new->user && !*new->pwd) {
+				if (!new->port)
+					new->port = fetch_default_port(url->scheme);
+				if (!new->user[0] && !new->pwd[0] &&
+				    new->port == url->port &&
+				    strcmp(new->scheme, url->scheme) == 0 &&
+				    strcmp(new->host, url->host) == 0) {
+					/* keep auth if staying on same host */
 					strcpy(new->user, url->user);
 					strcpy(new->pwd, url->pwd);
 				}