fix(security): secure redirect handler - remove auth headers on insecure redirect #222

Closed
MIchaelMainer wants to merge 1 commit into main from mmainer/redirect-sec

@MIchaelMainer
Member

Improve redirect logic to remove authorization headers on insecure redirect

  • Cookie and Authorization header removal on insecure redirect
  • Removes Proxy-Authorization when:
    • No proxy is configured
    • Proxy is bypassed for the redirect destination
    • This prevents unnecessary credential removal
  • Customizable Scrubbing - Users can implement custom logic via ScrubSensitiveHeaders callback for application-specific headers

@MIchaelMainer MIchaelMainer requested a review from a team as a code owner February 28, 2026 02:26
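
The scrubbing rules listed in the description, as an added Python sketch that is not code from this pull request or from the Kiota libraries. The names `scrub_sensitive_headers`, `proxy_for` and `custom_scrub` are hypothetical, and the page does not define "insecure redirect", so the sketch assumes it means any change of scheme, host or port.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def is_insecure_redirect(original_url, redirect_url):
    # Assumption: any origin change counts as insecure. This is conservative:
    # an http -> https upgrade on the same host is also treated as a change.
    return _origin(original_url) != _origin(redirect_url)


def scrub_sensitive_headers(headers, original_url, redirect_url,
                            proxy_for=None, custom_scrub=None):
    """Return a copy of `headers` that is safe to send to `redirect_url`.

    proxy_for    -- hypothetical callable: url -> proxy URL, or None when the
                    destination bypasses the proxy. None means no proxy at all.
    custom_scrub -- hypothetical callback(headers, original_url, redirect_url)
                    that removes application-specific headers in place.
    """
    out = dict(headers)  # never mutate the caller's header map

    def drop(name):
        # HTTP header names are case-insensitive.
        for key in [k for k in out if k.lower() == name]:
            del out[key]

    if is_insecure_redirect(original_url, redirect_url):
        drop("authorization")
        drop("cookie")
    # Proxy credentials only belong on a hop that really goes via the proxy.
    if proxy_for is None or proxy_for(redirect_url) is None:
        drop("proxy-authorization")
    if custom_scrub is not None:
        custom_scrub(out, original_url, redirect_url)
    return out
```
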
@sonarqubecloud

@baywet
Member

baywet commented Mar 2, 2026

Closing as duplicate of #221

@baywet baywet closed this Mar 2, 2026
@github-project-automation github-project-automation bot moved this to Done ✔️ in Kiota Mar 2, 2026
@baywet baywet deleted the mmainer/redirect-sec branch March 2, 2026 17:11