File CVE-2024-28849-follow-redirects-drop-proxy-auth... of Package velociraptor

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch of Package velociraptor

From c4f847f85176991f95ab9c88af63b1294de8649b Mon Sep 17 00:00:00 2001
From: Ruben Verborgh <ruben@verborgh.org>
Date: Thu, 14 Mar 2024 17:36:10 +0100
Subject: [PATCH] Drop Proxy-Authorization across hosts.

---
 index.js     | 2 +-
 1 files changed, 1 insertions(+), 1 deletion(-)

diff --git a/gui/velociraptor/node_modules/follow-redirects/index.js b/gui/velociraptor/node_modules/follow-redirects/index.js
index f58b933..c649cab 100644
--- a/gui/velociraptor/node_modules/follow-redirects/index.js
+++ b/gui/velociraptor/node_modules/follow-redirects/index.js
@@ -430,7 +430,7 @@ RedirectableRequest.prototype._processResponse = function (response) {
      redirectUrlParts.protocol !== "https:" ||
      redirectUrlParts.host !== currentHost &&
      !isSubdomain(redirectUrlParts.host, currentHost)) {
-    removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
+    removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);
   }
 
   // Evaluate the beforeRedirect callback

Places

File CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch of Package velociraptor

Places