[PR #1681] [MERGED] Set CURLOPT_UNRESTRICTED_AUTH when authenticating #2112

New issue

Closed

opened 2026-03-04 02:03:46 +03:00 by kerem · 0 comments

kerem commented

2026-03-04 02:03:46 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/s3fs-fuse/s3fs-fuse/pull/1681
Author: @jstastny
Created: 6/14/2021
Status: ✅ Merged
Merged: 6/25/2021
Merged by: @ggtakec

Base: master ← Head: js/curl-redirect-auth

📝 Commits (3)

848f657 Set CURLOPT_UNRESTRICTED_AUTH when authenticating
8b77821 Merge branch 'master' into js/curl-redirect-auth
94e995c Merge branch 'master' into js/curl-redirect-auth

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 src/curl.cpp (+1 -0)

📄 Description

This is necessary for authentication to work with AWS when it responds with 307 to the check bucket request when mounting. This happens to newly created buckets according to https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/.

Relevant Issue (if applicable)

N/A

Details

Prior to this, curl would follow the redirect, but would not include the Authorization header which would end up with 404.

This is related to the change in cURL 7.58.0, where cURL stopped propagating the Authorization header to redirects by default as mitigation of this CVE https://curl.se/docs/CVE-2018-1000007.html

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/s3fs-fuse/s3fs-fuse/pull/1681 **Author:** [@jstastny](https://github.com/jstastny) **Created:** 6/14/2021 **Status:** ✅ Merged **Merged:** 6/25/2021 **Merged by:** [@ggtakec](https://github.com/ggtakec) **Base:** `master` ← **Head:** `js/curl-redirect-auth` --- ### 📝 Commits (3) - [`848f657`](https://github.com/s3fs-fuse/s3fs-fuse/commit/848f657cbbb0a826855fad0f58b7cc07105b4e5a) Set CURLOPT_UNRESTRICTED_AUTH when authenticating - [`8b77821`](https://github.com/s3fs-fuse/s3fs-fuse/commit/8b77821f4cad342f221320842c981b1471cb3d8b) Merge branch 'master' into js/curl-redirect-auth - [`94e995c`](https://github.com/s3fs-fuse/s3fs-fuse/commit/94e995c76a6c25a9636c4feae55adce11b638e2a) Merge branch 'master' into js/curl-redirect-auth ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/curl.cpp` (+1 -0) </details> ### 📄 Description This is necessary for authentication to work with AWS when it responds with 307 to the check bucket request when mounting. This happens to newly created buckets according to https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/. ### Relevant Issue (if applicable) N/A ### Details Prior to this, curl would follow the redirect, but would not include the `Authorization` header which would end up with `404`. This is related to the change in cURL `7.58.0`, where cURL stopped propagating the `Authorization` header to redirects by default as mitigation of this CVE https://curl.se/docs/CVE-2018-1000007.html --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>