bitbake: fetch2/wget: add redirectauth parameter - linux/poky.git

diff options

author	Justin Bronder <jsbronder@cold-front.org>	2021-12-06 16:24:37 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-12-08 20:22:53 +0000
commit	acd77c3ac9f5272908cbeb96426c2f80fa75a48f (patch)
tree	03c5d50359577a7f5213b4b59ba9191e198a80d1 /scripts/lib/scriptutils.py
parent	35f134529097e9b1d1fa28613f6e19b047836e1f (diff)
download	poky-acd77c3ac9f5272908cbeb96426c2f80fa75a48f.tar.gz

bitbake: fetch2/wget: add redirectauth parameter

Add a parameter that limits sending Basic authentication in the Authorization header to only the first host and not any that we're redirected to. Ignoring potential security concerns, temporary AWS URLs will reject any request that includes authentication details in both the query parameters (from the redirect) and in the Authorization header. Temporary AWS URLs are now being used for release assets from private Github repositories. According to the previous discussion linked below, they're also in use by bitbucket. See also: https://lore.kernel.org/bitbake-devel/CAC9ffDEuZL-k8199bUyN+8frjw6bg-g=vrumxxtvt+RVParQ8Q@mail.gmail.com/ (Bitbake rev: a6ab32013a4381a1b694ed46caf2c9da932644d0) Signed-off-by: Justin Bronder <jsbronder@cold-front.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: