Menu
Search

Forums

Forum Index

December 27, 2016
Gravatar of greenifyPosted by greenifyReply
greenify
Gravatar of greenify


Reply
https://issues.dlang.org/show_bug.cgi?id=16174

greenify <greeenify@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |trivial
                 CC|                            |greeenify@gmail.com
           Severity|normal                      |major

--
April 01, 2017
Gravatar of Steven SchveighofferPosted by Steven SchveighofferReply
Steven Schveighoffer
Gravatar of Steven Schveighoffer


Reply
https://issues.dlang.org/show_bug.cgi?id=16174

Steven Schveighoffer <schveiguy@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |schveiguy@yahoo.com
         Resolution|---                         |WONTFIX

--- Comment #1 from Steven Schveighoffer <schveiguy@yahoo.com> ---
While I can see the concern, the truth is that you already are able to call a function which is adding a header to the request. In that sense, this isn't exactly a "security" issue, as you have permission to add the header already.

Where this can be a problem is if you are passing a string from an un-trusted source, but that's probably not a good idea anyway, even if just adding one header.

I'm not sure std.net.curl is the right place to make these types of decisions, it's a pretty bare wrapper around curl.

Closing as WONTFIX, please re-open if you think this is in error.

--