From 062ada9256c20f4e54f7af294ff8b8deec2bafdf Mon Sep 17 00:00:00 2001 From: Julien Le Sech Date: Sat, 29 Mar 2025 08:15:21 +0100 Subject: [PATCH] Reset authorization on redirect to other host --- libraries/HTTPClient/src/HTTPClient.cpp | 7 +++++++ libraries/HTTPClient/src/HTTPClient.h | 3 +++ 2 files changed, 10 insertions(+) diff --git a/libraries/HTTPClient/src/HTTPClient.cpp b/libraries/HTTPClient/src/HTTPClient.cpp index ec812f07201..45df038c408 100644 --- a/libraries/HTTPClient/src/HTTPClient.cpp +++ b/libraries/HTTPClient/src/HTTPClient.cpp @@ -285,6 +285,9 @@ bool HTTPClient::beginInternal(String url, const char *expectedProtocol) { } if (_host != the_host && connected()) { log_d("switching host from '%s' to '%s'. disconnecting first", _host.c_str(), the_host.c_str()); + if (_resetAuthorizationOnRedirect) { + _base64Authorization = ""; + } _canReuse = false; disconnect(true); } @@ -1435,6 +1438,10 @@ void HTTPClient::setRedirectLimit(uint16_t limit) { _redirectLimit = limit; } +void HTTPClient::resetAuthorizationOnRedirect(bool reset) { + _resetAuthorizationOnRedirect = reset; +} + /** * set the URL to a new value. Handy for following redirects. * @param url diff --git a/libraries/HTTPClient/src/HTTPClient.h b/libraries/HTTPClient/src/HTTPClient.h index 80f6da28599..d0bad0dedfd 100644 --- a/libraries/HTTPClient/src/HTTPClient.h +++ b/libraries/HTTPClient/src/HTTPClient.h @@ -219,6 +219,7 @@ class HTTPClient { // Redirections void setFollowRedirects(followRedirects_t follow); void setRedirectLimit(uint16_t limit); // max redirects to follow for a single request + void resetAuthorizationOnRedirect(bool reset); bool setURL(const String &url); void useHTTP10(bool usehttp10 = true); @@ -312,6 +313,8 @@ class HTTPClient { bool _canReuse = false; followRedirects_t _followRedirects = HTTPC_DISABLE_FOLLOW_REDIRECTS; uint16_t _redirectLimit = 10; + bool _resetAuthorizationOnRedirect = false; + String _location; transferEncoding_t _transferEncoding = HTTPC_TE_IDENTITY;