;; Remove authorization after redirect.
(when (and (boundp 'emacs-major-version)
(< emacs-major-version 25))
- (require (intern (format "url-http-ntlm-parse-headers-%d.%d"
- emacs-major-version
- emacs-minor-version))))
+ (defvar url-http-ntlm--parsing-headers nil)
+ (defadvice url-http-parse-headers (around clear-authorization activate)
+ (let ((url-http-ntlm--parsing-headers t))
+ ad-do-it))
+ (defadvice url-http-handle-authentication (around clear-authorization
+ activate)
+ (let ((url-http-ntlm--parsing-headers nil))
+ ad-do-it))
+ (defadvice url-retrieve-internal (before clear-authorization activate)
+ (when (and url-http-ntlm--parsing-headers
+ (eq url-request-extra-headers url-http-extra-headers))
+ ;; This retrieval is presumably in response to a redirect.
+ ;; Do not automatically include an authorization header in the
+ ;; redirect. If needed it will be regenerated by the relevant
+ ;; auth scheme when the new request happens.
+ (setq url-http-extra-headers
+ (cl-remove "Authorization"
+ url-http-extra-headers :key #'car :test #'equal))
+ (setq url-request-extra-headers url-http-extra-headers))))
\f
;;; Private variables.