[issue33661] urllib may leak sensitive HTTP headers to a third-party web site
Artem Smotrakov
report at bugs.python.org
Mon May 28 02:28:26 EDT 2018
Artem Smotrakov <artem.smotrakov at gmail.com> added the comment:
Hi Ivan,
Yes, unfortunately specs don't say anything about this scenario.
> once you have given your credentials to a server, it is free to do whatever it wants with them.
I hope servers don't share this opinion :)
> So, your proposed filtering does not actually achieve anything meaningful.1
I am sorry that I couldn't convice you. Thank you for your reply!
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33661>
_______________________________________
More information about the Python-bugs-list
mailing list