[issue33661] urllib may leak sensitive HTTP headers to a third-party web site

[Artem Smotrakov]

Artem Smotrakov <artem.smotrakov at gmail.com> added the comment:

Hi Ivan,

Yes, unfortunately specs don't say anything about this scenario.

> once you have given your credentials to a server, it is free to do whatever it wants with them. 

I hope servers don't share this opinion :)

> So, your proposed filtering does not actually achieve anything meaningful.1

I am sorry that I couldn't convice you. Thank you for your reply!

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue33661>
_______________________________________