Google Git
Sign in
go/go.git/85897ca220a149333a88b1e4d63f3b751f1141f5
commit
85897ca220a149333a88b1e4d63f3b751f1141f5
[log]
author
Neal Patel <nealpatel@google.com>
Wed May 21 14:11:44 2025 -0400
committer
Carlos Amedee <carlos@golang.org>
Thu Jun 05 11:10:09 2025 -0700
tree
afb7ed45cddba8a71541600b2f97fd4ec3673629
parent
9f9cf28f8fe67e6c17123cae2d89f116504f2be1 [diff]
[release-branch.go1.24] net/http: strip sensitive proxy headers from redirect requests

Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain.

https://fetch.spec.whatwg.org/#authentication-entries

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.

Updates golang/go#73816
Fixes golang/go#73906
Fixes CVE-2025-4673

Change-Id: I8a0f30d5d6bff6c71689bba6efa0b747947e7eb0
Reviewed-on: https://go-review.googlesource.com/c/go/+/679256
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
2 files changed
tree: afb7ed45cddba8a71541600b2f97fd4ec3673629
  1. .github/
  2. api/
  3. doc/
  4. lib/
  5. misc/
  6. src/
  7. test/
  8. .gitattributes
  9. .gitignore
  10. codereview.cfg
  11. CONTRIBUTING.md
  12. go.env
  13. LICENSE
  14. PATENTS
  15. README.md
  16. SECURITY.md
  17. VERSION
README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 4.0 Attribution license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://go.dev/dl/.

After downloading a binary release, visit https://go.dev/doc/install for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://go.dev/doc/install/source for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines at https://go.dev/doc/contribute.

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://go.dev/wiki/Questions for a list of places to ask questions about the Go language.