X-Git-Url: https://code.delx.au/gnu-emacs-elpa/blobdiff_plain/faa7c0509e4eb6ed3dc31bd8db31547ab8282955..f10533854f4c7bb54247a11981191bf37b70cb36:/packages/url-http-ntlm/url-http-ntlm.el

diff --git a/packages/url-http-ntlm/url-http-ntlm.el b/packages/url-http-ntlm/url-http-ntlm.el
index ca7d638e5..58622ad48 100644
--- a/packages/url-http-ntlm/url-http-ntlm.el
+++ b/packages/url-http-ntlm/url-http-ntlm.el
@@ -1,10 +1,10 @@
 ;;; url-http-ntlm.el --- NTLM authentication for the url library
 
-;; Copyright (C) 2008, 2015 Free Software Foundation, Inc.
+;; Copyright (C) 2008, 2016 Free Software Foundation, Inc.
 
 ;; Author: Tom Schutzer-Weissmann <tom.weissmann@gmail.com>
 ;; Maintainer: Thomas Fitzsimmons <fitzsim@fitzsim.org>
-;; Version: 2.0.0
+;; Version: 2.0.2
 ;; Keywords: comm, data, processes, hypermedia
 ;; Homepage: https://code.google.com/p/url-http-ntlm/
 ;; Package-Requires: ((cl-lib "0.5") (ntlm "2.0.0"))
@@ -49,9 +49,25 @@
 ;; Remove authorization after redirect.
 (when (and (boundp 'emacs-major-version)
 	   (< emacs-major-version 25))
-  (require (intern (format "url-http-ntlm-parse-headers-%d.%d"
-			   emacs-major-version
-			   emacs-minor-version))))
+  (defvar url-http-ntlm--parsing-headers nil)
+  (defadvice url-http-parse-headers (around clear-authorization activate)
+    (let ((url-http-ntlm--parsing-headers t))
+      ad-do-it))
+  (defadvice url-http-handle-authentication (around clear-authorization
+						    activate)
+    (let ((url-http-ntlm--parsing-headers nil))
+      ad-do-it))
+  (defadvice url-retrieve-internal (before clear-authorization activate)
+    (when (and url-http-ntlm--parsing-headers
+	       (eq url-request-extra-headers url-http-extra-headers))
+      ;; This retrieval is presumably in response to a redirect.
+      ;; Do not automatically include an authorization header in the
+      ;; redirect.  If needed it will be regenerated by the relevant
+      ;; auth scheme when the new request happens.
+      (setq url-http-extra-headers
+	    (cl-remove "Authorization"
+		       url-http-extra-headers :key #'car :test #'equal))
+      (setq url-request-extra-headers url-http-extra-headers))))
 
 
 ;;; Private variables.
@@ -136,7 +152,7 @@ PROMPT and ARGS come from `url-ntlm-auth''s caller,
 `url-get-authentication'.  Their meaning depends on the current
 implementation - this function is well and truly coupled.
 
-url-get-authentication' calls `url-ntlm-auth' once when checking
+`url-get-authentication' calls `url-ntlm-auth' once when checking
 what authentication schemes are supported (PROMPT and ARGS are
 nil), and then twice for every stage of the handshake: the first
 time PROMPT is nil, the second, t; ARGS contains the server