• Matthew Holt's avatar
    basicauth: Remove Authorization header on successful authz (issue #1324) · 54acb9b2
    Matthew Holt authored
    If a site owner protects a path with basicauth, no need
    to use the Authorization header elsewhere upstream, especially since it
    contains credentials.
    
    If this breaks anyone, it means they're double-dipping. It's usually
    good practice to clear out credentials as soon as they're not needed
    anymore. (Note that we only clear credentials after they're used,
    they stay for any other reason.)
    54acb9b2
basicauth_test.go 4.32 KB