ref: 2443d46a9ead610cdeebdc389f7b05356216d93e
parent: 8ef66ca21218af00181bf78f37a5ede0238a7fa1
author: cinap_lenrek <[email protected]>
date: Fri Mar 13 21:09:37 EDT 2015
webfs: do not send credentials in automatic referer url
--- a/sys/src/cmd/webfs/fs.c
+++ b/sys/src/cmd/webfs/fs.c
@@ -421,6 +421,11 @@
u->host = smprint("%H", r);
free(r);
}
+
+ /* do not send credentials */
+ free(u->user); u->user = nil;
+ free(u->pass); u->pass = nil;
+
if(r = smprint("%U", u)){
cl->hdr = addkey(cl->hdr, "Referer", r);
free(r);