commit | 376e728d96efee0251a9979306cc371ff6cb4600 | [log] [tgz] |
---|---|---|
author | Ross Light <light@google.com> | Mon Oct 09 10:52:51 2017 -0700 |
committer | Ross Light <light@google.com> | Mon Oct 09 20:27:33 2017 +0000 |
tree | 93be0418f09003be1905e28c7e65a0706ed07800 | |
parent | 1e2b1a1a6d3c94c05649b18c231b6959046f69b0 [diff] |
httputil: only send client authorization over HTTPS Might just be a hypothetical concern, but better for this to fail closed (not send credentials when needed) than to fail open (send credentials insecurely). Change-Id: I8542e8c0b533a3c5f53a5f03f4e3b639b6b55f71 Reviewed-on: https://go-review.googlesource.com/69290 Reviewed-by: Tuo Shan <shantuo@google.com>