File CVE-2023-43804.patch of Package saltbundlepy-urllib3
Index: urllib3-1.25.10/src/urllib3/util/retry.py
===================================================================
--- urllib3-1.25.10.orig/src/urllib3/util/retry.py
+++ urllib3-1.25.10/src/urllib3/util/retry.py
@@ -154,7 +154,7 @@ class Retry(object):
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
- DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(["Authorization"])
+ DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
BACKOFF_MAX = 120
Index: urllib3-1.25.10/test/test_retry.py
===================================================================
--- urllib3-1.25.10.orig/test/test_retry.py
+++ urllib3-1.25.10/test/test_retry.py
@@ -270,7 +270,7 @@ class TestRetry(object):
def test_retry_default_remove_headers_on_redirect(self):
retry = Retry()
- assert list(retry.remove_headers_on_redirect) == ["authorization"]
+ assert list(retry.remove_headers_on_redirect) == ["authorization", "cookie"]
def test_retry_set_remove_headers_on_redirect(self):
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])