Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix .header() unsetting sensitive on HeaderValue (blocking) #2353

Merged
merged 1 commit into from
Jul 14, 2024
Merged

Fix .header() unsetting sensitive on HeaderValue (blocking) #2353

merged 1 commit into from
Jul 14, 2024

Conversation

Ten0
Copy link
Contributor

@Ten0 Ten0 commented Jul 14, 2024
edited

Fixes #2352

It seems that the issue was already reported in #1549 and fixed for async by d536ce2, but the blocking implementation was forgotten.

seanmonstar
seanmonstar approved these changes Jul 14, 2024
View reviewed changes
Copy link
Owner

@seanmonstar seanmonstar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@seanmonstar seanmonstar merged commit 9e577f5 into seanmonstar:master Jul 14, 2024
36 checks passed
@Ten0 Ten0 deleted the fix_header_sensitive branch July 14, 2024 13:19
kodiakhq bot pushed a commit to pdylanross/fatigue that referenced this pull request Aug 20, 2024
@dependabot
chore: Bump reqwest from 0.12.5 to 0.12.7 (#325)
0440dcf 
Bumps reqwest from 0.12.5 to 0.12.7.

Release notes
Sourced from reqwest's releases.

v0.12.7
What's Changed

Revert adding impl Service<http::Request<_>> for Client.

Full Changelog: seanmonstar/[email protected]
v0.12.6
What's Changed

Add support for danger_accept_invalid_hostnames for rustls.
Add impl Service<http::Request<Body>> for Client and &'_ Client.
Add support for !Sync bodies in Body::wrap_stream().
Enable happy eyeballs when hickory-dns is used.
Fix Proxy so that HTTP(S)_PROXY values take precendence over ALL_PROXY.
Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.

New Contributors

@​schopin-pro made their first contribution in seanmonstar/reqwest#2341
@​Ten0 made their first contribution in seanmonstar/reqwest#2353
@​thalesfragoso made their first contribution in seanmonstar/reqwest#2249
@​nipunn1313 made their first contribution in seanmonstar/reqwest#2361
@​Threated made their first contribution in seanmonstar/reqwest#2370
@​FlowerCode made their first contribution in seanmonstar/reqwest#2380
@​zeling made their first contribution in seanmonstar/reqwest#2378
@​murongshaozong made their first contribution in seanmonstar/reqwest#2385
@​camio made their first contribution in seanmonstar/reqwest#2388
@​alekseysidorov made their first contribution in seanmonstar/reqwest#2356

Thanks again

@​seanmonstar
@​nyurik

Full Changelog: seanmonstar/[email protected]



Changelog
Sourced from reqwest's changelog.

v0.12.7

Revert adding impl Service<http::Request<_>> for Client.

v0.12.6

Add support for danger_accept_invalid_hostnames for rustls.
Add impl Service<http::Request<Body>> for Client and &'_ Client.
Add support for !Sync bodies in Body::wrap_stream().
Enable happy eyeballs when hickory-dns is used.
Fix Proxy so that HTTP(S)_PROXY values take precendence over ALL_PROXY.
Fix blocking::RequestBuilder::header() from unsetting sensitive on passed header values.




Commits

88bd9be v0.12.7
68127f0 Revert "feat: Add impl Service\<http::Request<Body>> for Client and `&'_ C...
b2a28f5 v0.12.6
522216e feat: Add impl Service\<http::Request<Body>> for Client and &'_ Client (...
646b1f8 chore: update macOS system-configuration dep (#2368)
85dd6da dns: improve error message for hickory-dns and warn in docs (#2389)
bfd31be docs: Improve RequestBuilder::multipart's documentation (#2388)
8c7f338 chore: bump dev-dependency libflate (#2382)
dddf877 chore: bump h3 dependency
a53c944 chore: fix some comments
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanmonstar seanmonstar seanmonstar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

RequestBuilder::header unsets sensitive on header value
2 participants
@Ten0 @seanmonstar