commit b30ed37f0c2209a7f2397c8e7b8d4d252fa16262
author Joe Gregorio <jcgregorio@google.com> Mon Jul 23 14:45:17 2012 -0400
committer Joe Gregorio <jcgregorio@google.com> Mon Jul 23 14:45:17 2012 -0400
tree 011c79385c9d239d8927a6c8295ff215e9ecf85d
parent 9f1f9ede0faf3f36b8f463f781b9860d8c56009a

Add control so that Authorization: headers aren't forwarded on a 3xx response by default.

python2/httplib2test.py

diff --git a/python2/httplib2test.py b/python2/httplib2test.py
index b2cbb02..344f9ba 100755
--- a/python2/httplib2test.py
+++ b/python2/httplib2test.py
@@ -566,6 +566,20 @@
             (response, content) = self.http.request(uri, method, body=" ")
             self.assertEqual(response['x-method'], method_on_303)
 
+    def test303AndForwardAuthorizationHeader(self):
+        # Test that all methods can be used
+        uri = urlparse.urljoin(base, "303/redirect-to-header-reflector.cgi")
+        headers = {'authorization': 'Bearer foo'}
+        response, content = self.http.request(uri, 'GET', body=" ",
+            headers=headers)
+        # self.assertTrue('authorization' not in content)
+        self.http.follow_all_redirects = True
+        self.http.forward_authorization_headers = True
+        response, content = self.http.request(uri, 'GET', body=" ",
+            headers=headers)
+        # Oh, how I wish Apache didn't eat the Authorization header.
+        # self.assertTrue('authorization' in content)
+
     def testGet304(self):
         # Test that we use ETags properly to validate our cache
         uri = urlparse.urljoin(base, "304/test_etag.txt")