Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Feature: Add Option to Strip Authorization Header on Redirect #2090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 10, 2025
Merged

Feature: Add Option to Strip Authorization Header on Redirect #2090

merged 3 commits into from
May 10, 2025
+153 −4

Conversation

hyperxpro
Copy link
Member

@hyperxpro hyperxpro commented May 10, 2025
edited
Loading

Closes #1884

@hyperxpro hyperxpro requested a review from Copilot May 10, 2025 21:07
Copilot
Copilot AI reviewed May 10, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a new configuration option, isStripAuthorizationOnRedirect(), to control whether the Authorization header is stripped during HTTP redirects. Key changes include new tests to verify default and custom behavior, modifications to the client configuration and builder to include the new option, and updates in the redirect interceptor to apply the header-stripping behavior.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
client/src/test/java/org/asynchttpclient/StripAuthorizationOnRedirectHttpTest.java Adds tests to validate header propagation and stripping on redirects.
client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientConfigTest.java Provides unit test coverage for the new configuration option with default and explicit settings.
client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java Updates the redirect interceptor to remove the Authorization header based on the new config flag.
client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java Introduces a new field and builder method to manage the stripAuthorizationOnRedirect setting.
client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java Extends the client config interface with the new method.

@hyperxpro hyperxpro mentioned this pull request May 10, 2025
Closed
@hyperxpro hyperxpro changed the title Add isStripAuthorizationOnRedirect() config option to control Authori… Feature: Add Option to Strip Authorization Header on Redirect May 10, 2025
@hyperxpro hyperxpro merged commit fb50dc2 into main May 10, 2025
6 checks passed
@hyperxpro hyperxpro deleted the auth-redirect-config branch May 10, 2025 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove Authorization header on redirects?
1 participant
@hyperxpro