Upon on redirect(301) authentication header doesn't get removed

## Environment

- Android OS version: 15
- Devices affected:
- Maps SDK Version: 11.8.1

## Observed behavior and steps to reproduce

The http stack used in Mapbox does not strip out Authentication header upon on receiving a redirect (301). This is a huge security risk as the authentication token is leaked to 3rd party.

## Expected behavior

Authentication header should be removed upon on redirect

## Notes / preliminary analysis



## Additional links and references

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Upon on redirect(301) authentication header doesn't get removed #2680

Environment

Observed behavior and steps to reproduce

Expected behavior

Notes / preliminary analysis

Additional links and references

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Upon on redirect(301) authentication header doesn't get removed #2680

Description

Environment

Observed behavior and steps to reproduce

Expected behavior

Notes / preliminary analysis

Additional links and references

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions