X-Git-Url: https://code.delx.au/gnu-emacs-elpa/blobdiff_plain/7dece2c1976b6e38e371ddebc74420a5c537c9ec..afc4f5625aa70b75a2b27c98993ac8bf69230dd9:/packages/url-http-ntlm/url-http-ntlm.el

diff --git a/packages/url-http-ntlm/url-http-ntlm.el b/packages/url-http-ntlm/url-http-ntlm.el
index a1e1663b8..e0499b9c9 100644
--- a/packages/url-http-ntlm/url-http-ntlm.el
+++ b/packages/url-http-ntlm/url-http-ntlm.el
@@ -49,9 +49,25 @@
 ;; Remove authorization after redirect.
 (when (and (boundp 'emacs-major-version)
 	   (< emacs-major-version 25))
-  (require (intern (format "url-http-ntlm-parse-headers-%d.%d"
-			   emacs-major-version
-			   emacs-minor-version))))
+  (defvar url-http-ntlm--parsing-headers nil)
+  (defadvice url-http-parse-headers (around clear-authorization activate)
+    (let ((url-http-ntlm--parsing-headers t))
+      ad-do-it))
+  (defadvice url-http-handle-authentication (around clear-authorization
+						    activate)
+    (let ((url-http-ntlm--parsing-headers nil))
+      ad-do-it))
+  (defadvice url-retrieve-internal (before clear-authorization activate)
+    (when (and url-http-ntlm--parsing-headers
+	       (eq url-request-extra-headers url-http-extra-headers))
+      ;; This retrieval is presumably in response to a redirect.
+      ;; Do not automatically include an authorization header in the
+      ;; redirect.  If needed it will be regenerated by the relevant
+      ;; auth scheme when the new request happens.
+      (setq url-http-extra-headers
+	    (cl-remove "Authorization"
+		       url-http-extra-headers :key #'car :test #'equal))
+      (setq url-request-extra-headers url-http-extra-headers))))
 
 
 ;;; Private variables.