[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#21350: 25.0.50; Do not automatically include authorization header in
From: |
Thomas Fitzsimmons |
Subject: |
bug#21350: 25.0.50; Do not automatically include authorization header in HTTP redirects |
Date: |
Mon, 31 Aug 2015 22:33:05 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>> This patch is required for url-http-ntlm.el to handle redirects. I'd
>> like someone more familiar with url-http.el to review it.
>
> I'm not sure if there is such a someone, to tell you the truth. I can
> give you comments about Elisp style:
OK, thanks.
> + ;; Don't automatically include authorization header in redirect.
> + ;; If needed it will be regenerated by the relevant auth scheme
> + ;; when the new request happens.
> + (setq url-http-extra-headers
> + (let (result)
> + (dolist (header url-http-extra-headers)
> + (if (not (equal (car header) "Authorization"))
> + (push header result)))
> + (nreverse result)))
>
> IIUC this is like:
>
> (let ((a (assoc "Authorization" url-http-extra-headers)))
> (if a (setq url-http-extra-headers (delq a url-http-extra-headers))))
>
> Tho maybe it should be `remq' rather than `delq'.
I was trying to remove all occurrences of "Authorization", just in case,
since that's what url-http-ntlm did. I looked at remq and delq. delq
looks like it would be faster. I'm not sure why I would use remq since
I'm overwriting url-http-extra-headers anyway.
url-http-ntlm did this:
(defun url-http-ntlm-rmssoc (key alist)
(remove* key alist :key 'car :test 'equal))
but should I avoid using cl-lib in this context? Another consideration
is that I want to be able to backport this change (as an ELPA-installed
patch) all the way back to Emacs 24.1, so maybe that's another reason
not to use cl-lib.
Thomas