Do not propagate headers on HTTP redirects

Question

I have files hosted on Amazon S3, and I\'d like to download them after a treatment in my app. This app view requires the HTTP Authorization header to proceed. Here is the pr

Answer 1

Is your S3 file path on the same domain as your /file/xxx? That would explain why the Authorization header is being sent, presumably. If you have your S3 hosted on a different domain to the app view, then I would assume the Authorization header would not be sent to the S3 domain (as HTTP Authorization is per-domain).

Answer 2

It may depend on your client, for example see: https://code.google.com/p/go/issues/detail?id=4800

It appears curl won't carry over your Authorization header by default. But I'm dealing with a similar issue and I see that by default http components appears to carry it.