ref: 194828f3cef3cfef4109c880839d56cba947f8ff
parent: 53e7c805ec935949abea3cfc92b88162ca65b1c3
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Mar 13 21:09:37 EDT 2015
webfs: do not send credentials in automatic referer url
--- a/sys/src/cmd/webfs/fs.c
+++ b/sys/src/cmd/webfs/fs.c
@@ -421,6 +421,11 @@
u->host = smprint("%H", r);free(r);
}
+
+ /* do not send credentials */
+ free(u->user); u->user = nil;
+ free(u->pass); u->pass = nil;
+
if(r = smprint("%U", u)){cl->hdr = addkey(cl->hdr, "Referer", r);
free(r);
--
⑨