redirects take headers with them :-(

run-with-httpie

ariels@redqueen:~/dev/Tests/manualweb$ http -v --follow  get localhost:8888/redirect/foo authorization:yes-i-can
GET /redirect/foo HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8888
User-Agent: HTTPie/2.2.0
authorization: yes-i-can



HTTP/1.1 307 Temporary Redirect
Content-Length: 29
Content-Type: text/plain; charset=utf-8
Date: Mon, 08 Mar 2021 13:50:47 GMT
Location: /ok/foo

please go to /ok/foo, instead

GET /ok/foo HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8888
User-Agent: HTTPie/2.2.0
authorization: yes-i-can



HTTP/1.1 200 OK
Content-Length: 11
Content-Type: text/plain; charset=utf-8
Date: Mon, 08 Mar 2021 13:50:47 GMT

ok: /ok/foo

But... sane clients don't copy Authorization over to the redirect, if on a different domain. Again with httpie:

ariels@redqueen:~/dev/Tests/manualweb$ http -v --follow  get localhost:8888/redirect/foo authorization:yes-i-can
GET /redirect/foo HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8888
User-Agent: HTTPie/2.2.0
authorization: yes-i-can



HTTP/1.1 307 Temporary Redirect
Content-Length: 51
Content-Type: text/plain; charset=utf-8
Date: Mon, 08 Mar 2021 13:53:47 GMT
Location: http://bad.example.com/ok/foo

please go to http://bad.example.com/ok/foo, instead

GET /ok/foo HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: bad.example.com
User-Agent: HTTPie/2.2.0




http: error: ConnectionError: HTTPConnectionPool(host='bad.example.com', port=80): Max retries exceeded with url: /ok/foo (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f049460e1f0>: Failed to establish a new connection: [Errno -2] Name or service not known')) while doing a GET request to URL: http://bad.example.com/ok/foo