30 lines
1018 B
Diff
30 lines
1018 B
Diff
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
|
|
From: Quentin Pradet <quentin.pradet@gmail.com>
|
|
Date: Mon, 17 Jun 2024 11:09:06 +0400
|
|
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
|
|
|
* Strip Proxy-Authorization header on redirects
|
|
|
|
---
|
|
src/pip/_vendor/urllib3/util/retry.py | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/pip/_vendor/urllib3/util/retry.py b/src/pip/_vendor/urllib3/util/retry.py
|
|
index c7c0427..7e438b9 100644
|
|
--- a/src/pip/_vendor/urllib3/util/retry.py
|
|
+++ b/src/pip/_vendor/urllib3/util/retry.py
|
|
@@ -217,7 +217,9 @@ class Retry(object):
|
|
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
|
|
|
#: Default headers to be used for ``remove_headers_on_redirect``
|
|
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
|
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
|
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
|
+ )
|
|
|
|
#: Maximum backoff time.
|
|
BACKOFF_MAX = 120
|
|
--
|
|
2.33.0
|
|
|