From b383be98874d4dded67ee8a679fae30340722709 Mon Sep 17 00:00:00 2001 From: dirkf Date: Wed, 7 Jun 2023 19:38:54 +0100 Subject: [PATCH] [core] Remove `Cookie` header on redirect to prevent leaks Adated from yt-dlp/yt-dlp-ghsa-v8mc-9377-rwjj/pull/1/commits/101caac Thx coletdjnz --- test/test_http.py | 32 ++++++++++++++++++++++++++++++-- youtube_dl/utils.py | 8 ++++++-- 2 files changed, 36 insertions(+), 4 deletions(-) diff --git a/test/test_http.py b/test/test_http.py index 1a65df9e0..cd180b51f 100644 --- a/test/test_http.py +++ b/test/test_http.py @@ -183,6 +183,11 @@ def gzip_compress(p): self._method('GET') elif self.path.startswith('/headers'): self._headers() + elif self.path.startswith('/308-to-headers'): + self.send_response(308) + self.send_header('Location', '/headers') + self.send_header('Content-Length', '0') + self.end_headers() elif self.path == '/trailing_garbage': payload = b'