Index: wget-1.21.1/src/http.c =================================================================== --- wget-1.21.1.orig/src/http.c +++ wget-1.21.1/src/http.c @@ -3155,6 +3155,33 @@ fail: } #endif /* HAVE_METALINK */ +/* + * Check if the corresponding header line should not + * be sent after a redirect + */ +static inline int +unredirectable_headerline(char *line) +{ + static struct { + size_t len; + char *name; + } field_name[] = { + { 14, "Authorization:" }, + { 7, "Cookie:" }, + { 0, NULL } + }; + int i; + + /* + * Note: According to RFC 2616, Field names are case-insensitive. + */ + for (i = 0; field_name[i].name != NULL; i++) + if (strncasecmp(line, field_name[i].name, field_name[i].len) == 0) + return 1; + + return 0; +} + /* Retrieve a document through HTTP protocol. It recognizes status code, and correctly handles redirections. It closes the network socket. If it receives an error from the functions below it, it @@ -3167,7 +3194,7 @@ fail: server, and u->url will be requested. */ static uerr_t gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, - int *dt, struct url *proxy, struct iri *iri, int count) + int *dt, struct url *proxy, struct iri *iri, int count, int location_changed) { struct request *req = NULL; @@ -3314,7 +3341,16 @@ gethttp (const struct url *u, struct url { int i; for (i = 0; opt.user_headers[i]; i++) - request_set_user_header (req, opt.user_headers[i]); + { + /* + * IF we have been redirected + * AND the user-supplied header line should NOT be sent to the new host + * DO NOT append that header line + */ + if (location_changed && unredirectable_headerline(opt.user_headers[i])) + continue; + request_set_user_header (req, opt.user_headers[i]); + } } proxyauth = NULL; 
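Review bot: `unredirectable_headerline` compares with `strncasecmp`, which folds case according to the current locale, so under a locale with non-ASCII case rules (Turkish is the usual example) a user header spelled `AUTHORIZATION:` may fail to match and still be sent after the redirect. HTTP field names are ASCII, so an ASCII-only comparison is safer; if gnulib's `c_strncasecmp` is available in this file (not visible in the hunk), `if (c_strncasecmp (line, field_name[i].name, field_name[i].len) == 0)` would do it. The table would also be sturdier as `static const` with `const char *name` and lengths derived from the literals, e.g. `{ sizeof "Cookie:" - 1, "Cookie:" }`, and the parameter can be `const char *line`. The list is fixed at two names, so other credential-bearing headers passed with `--header` (for example `Proxy-Authorization:` or a custom token header) are still forwarded, which the function comment should state.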
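Review bot: The new `location_changed` parameter of `gethttp` is declared `int` while the variable passed from retr.c is `bool`, and the function's header comment, which ends just above the signature, is not extended to describe it. Declaring it `bool location_changed` here, in `http_loop` and in the http.h prototype (where `bool` is in scope) would keep those hunks consistent with the caller. A line in the comment such as `LOCATION_CHANGED is true when this request follows a redirect; user-supplied credential headers are then omitted.` would record the contract. The comment and the body of `gethttp` both extend beyond this hunk.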
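Review bot: The comment in the `opt.user_headers` loop says the header is withheld from "the new host", but the condition tests only `location_changed`, and nothing in the visible hunks compares the redirect target's host, port or scheme with the original. If the flag only means "a redirect was followed" (its assignment in `retrieve_url` is outside the hunks, so this is inferred), then `Authorization:` and `Cookie:` given with `--header` are also dropped on same-origin redirects such as a trailing-slash redirect, which can make an authenticated download fail. Either compare the origin of `u` with `original_url` before skipping, or keep the conservative behaviour and make the comment say so: `/* After any redirect, do not forward user-supplied credential headers. */`. The filter covers only `opt.user_headers`; whether credentials from other sources are treated the same way cannot be told from this hunk.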
@@ -4232,7 +4268,7 @@ check_retry_on_http_error (const int sta uerr_t http_loop (const struct url *u, struct url *original_url, char **newloc, char **local_file, const char *referer, int *dt, struct url *proxy, - struct iri *iri) + struct iri *iri, int location_changed) { int count; bool got_head = false; /* used for time-stamping and filename detection */ @@ -4424,7 +4460,7 @@ http_loop (const struct url *u, struct u *dt &= ~SEND_NOCACHE; /* Try fetching the document, or at least its head. */ - err = gethttp (u, original_url, &hstat, dt, proxy, iri, count); + err = gethttp (u, original_url, &hstat, dt, proxy, iri, count, location_changed); /* Time? */ tms = datetime_str (time (NULL)); Index: wget-1.21.1/src/http.h =================================================================== --- wget-1.21.1.orig/src/http.h +++ wget-1.21.1/src/http.h @@ -36,7 +36,7 @@ as that of the covered work. */ struct url; uerr_t http_loop (const struct url *, struct url *, char **, char **, const char *, - int *, struct url *, struct iri *); + int *, struct url *, struct iri *, int); void save_cookies (void); void http_cleanup (void); time_t http_atotm (const char *); Index: wget-1.21.1/src/retr.c =================================================================== --- wget-1.21.1.orig/src/retr.c +++ wget-1.21.1/src/retr.c @@ -886,7 +886,7 @@ retrieve_url (struct url * orig_parsed, { uerr_t result; char *url; - bool location_changed; + bool location_changed = 0; bool iri_fallbacked = 0; int dummy; char *mynewloc, *proxy; @@ -985,7 +985,7 @@ retrieve_url (struct url * orig_parsed, } #endif result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt, - proxy_url, iri); + proxy_url, iri, location_changed); } else if (u->scheme == SCHEME_FTP #ifdef HAVE_SSL
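Review bot: In `retrieve_url` the initialiser added to `bool location_changed` is now load-bearing and deserves a comment. The variable is passed to `http_loop` in the later retr.c hunk, presumably before any assignment on the first pass, since it was previously declared without a value. A comment above the declaration such as `/* Set once a redirect has been followed; passed to http_loop so credential headers are not replayed. */` would stop a later cleanup from removing the initialiser as redundant. The rest of `retrieve_url`, including where the flag is updated, lies outside the hunks.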