From f8b4bcc0a791274223723488bfbfc23ea3276641 Mon Sep 17 00:00:00 2001
From: coletdjnz
Date: Tue, 6 Jun 2023 20:44:51 +1200
Subject: [PATCH] [core] Prevent `Cookie` leaks on HTTP redirect

Ref: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj
Authored by: coletdjnz
---
 test/test_http.py | 31 +++++++++++++++++++++++++++++++
 yt_dlp/utils/_utils.py | 9 +++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/test/test_http.py b/test/test_http.py
index 3941a6e77..e4e66dce1 100644
--- a/test/test_http.py
+++ b/test/test_http.py
@@ -132,6 +132,11 @@ class HTTPTestRequestHandler(http.server.BaseHTTPRequestHandler):
 self._method('GET')
 elif self.path.startswith('/headers'):
 self._headers()
+ elif self.path.startswith('/308-to-headers'):
+ self.send_response(308)
+ self.send_header('Location', '/headers')
+ self.send_header('Content-Length', '0')
+ self.end_headers()
 elif self.path == '/trailing_garbage':
 payload = b'