net/http: add client option to retain the auth/cookie headers

2024-11-22 02:54:39 -07:00 · 2021-12-27 08:36:48 +08:00 · 2021-12-27 08:36:48 +08:00 · 39a5762ef6
commit 39a5762ef6
parent b357b05b70
1 changed files with 13 additions and 3 deletions
--- a/src/net/http/client.go
+++ b/src/net/http/client.go
@ -104,6 +104,10 @@ type Client struct {
 	// RoundTripper implementations should use the Request's Context
 	// for cancellation instead of implementing CancelRequest.
 	Timeout time.Duration
+
+	// RetainHeaders indicates whether to keep the auth/cookie headers when redirect across different primary domains.
+	// For example, if you want to retain the auth/cookie headers after redirecting from a.com to b.com, set it to true.
+	RetainHeaders bool
 }

 // DefaultClient is the default Client and is used by Get, Head, and Post.
@ -797,9 +801,15 @@ func (c *Client) makeHeadersCopier(ireq *Request) func(*Request) {
 		}

 		// Copy the initial request's Header values
-		// (at least the safe ones).
-		for k, vv := range ireqhdr {
-			if shouldCopyHeaderOnRedirect(k, preq.URL, req.URL) {
+		// (at least the safe ones when Client.RetainHeaders is false).
+		if !c.RetainHeaders {
+			for k, vv := range ireqhdr {
+				if shouldCopyHeaderOnRedirect(k, preq.URL, req.URL) {
+					req.Header[k] = vv
+				}
+			}
+		} else {
+			for k, vv := range ireqhdr {
 				req.Header[k] = vv
 			}
 		}