fix(security): vulnerability where all headers are passed on redirect by ramsessanchez · Pull Request #2081 · microsoft/kiota-java

ramsessanchez · 2026-02-12T19:47:50Z

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java

.../okHttp/src/main/java/com/microsoft/kiota/http/middleware/options/RedirectHandlerOption.java

…hub.com/microsoft/kiota-java into ramsess/fix-redirectHeaderVulnerability

baywet

Thank you for making the changes!

baywet · 2026-03-02T17:18:42Z

@adrian05-ms I think some formatting is required here. There are tasks configured to do that for you. (see gradle tasks)

adrian05-ms · 2026-03-02T17:37:15Z

@adrian05-ms I think some formatting is required here. There are tasks configured to do that for you. (see gradle tasks)

Done, please review again

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java

…middleware/RedirectHandler.java Co-authored-by: Vincent Biret <vibiret@microsoft.com>

...ents/http/okHttp/src/test/java/com/microsoft/kiota/http/middleware/RedirectHandlerTests.java

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java

sonarqubecloud · 2026-03-02T20:18:05Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
88.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

fix vulnerability where all headers are passed on redirect

29a470e

ramsessanchez requested a review from a team as a code owner February 12, 2026 19:47

github-project-automation bot added this to Kiota Feb 12, 2026

formatting

5364a51

ramsessanchez changed the title ~~fix vulnerability where all headers are passed on redirect~~ fix(security): vulnerability where all headers are passed on redirect Feb 12, 2026

remove test secret

026aace

baywet requested changes Feb 13, 2026

View reviewed changes

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java Outdated Show resolved Hide resolved

github-project-automation bot moved this to In Progress 🚧 in Kiota Feb 13, 2026

MIchaelMainer mentioned this pull request Feb 27, 2026

fix(security): remove proxy and cookie auth headers on insecure redirect microsoft/kiota-dotnet#653

Merged

adrian05-ms and others added 8 commits February 27, 2026 13:47

updating redirect implementation

a4970d2

Testing changes

aec2414

fixing linting issues

437340c

format issues fix

37c5a41

fixing test

cf142ea

fix: check for port changes on redirect

5746c34

chore: fix formatting

c855923

test: validate that custom headers are removed on redirect

7a44f88

baywet requested changes Mar 2, 2026

View reviewed changes

.../okHttp/src/main/java/com/microsoft/kiota/http/middleware/options/RedirectHandlerOption.java Show resolved Hide resolved

adrian05-ms added 3 commits March 2, 2026 10:40

adding port condition

83e7b48

Merge branch 'ramsess/fix-redirectHeaderVulnerability' of https://git…

603acb4

…hub.com/microsoft/kiota-java into ramsess/fix-redirectHeaderVulnerability

updating tests

fba3225

baywet previously approved these changes Mar 2, 2026

View reviewed changes

linter fix

5ea94b4

adrian05-ms dismissed baywet’s stale review via 5ea94b4 March 2, 2026 17:29

baywet requested changes Mar 2, 2026

View reviewed changes

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java Outdated Show resolved Hide resolved

adrian05-ms and others added 2 commits March 2, 2026 12:23

Update components/http/okHttp/src/main/java/com/microsoft/kiota/http/…

f05303d

…middleware/RedirectHandler.java Co-authored-by: Vincent Biret <vibiret@microsoft.com>

updating code review changes

7f37790

peombwa reviewed Mar 2, 2026

View reviewed changes

...ents/http/okHttp/src/test/java/com/microsoft/kiota/http/middleware/RedirectHandlerTests.java Outdated Show resolved Hide resolved

components/http/okHttp/src/main/java/com/microsoft/kiota/http/middleware/RedirectHandler.java Outdated Show resolved Hide resolved

Fixing test and format

30bd8ae

baywet previously approved these changes Mar 2, 2026

View reviewed changes

linting

9b590c8

adrian05-ms dismissed baywet’s stale review via 9b590c8 March 2, 2026 20:15

adrian05-ms requested a review from peombwa March 2, 2026 20:44

adrian05-ms enabled auto-merge March 2, 2026 20:44

baywet approved these changes Mar 2, 2026

View reviewed changes

adrian05-ms merged commit 38e45c9 into main Mar 2, 2026
10 checks passed

adrian05-ms deleted the ramsess/fix-redirectHeaderVulnerability branch March 2, 2026 20:55

github-project-automation bot moved this from In Progress 🚧 to Done ✔️ in Kiota Mar 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(security): vulnerability where all headers are passed on redirect#2081

fix(security): vulnerability where all headers are passed on redirect#2081
adrian05-ms merged 19 commits intomainfrom
ramsess/fix-redirectHeaderVulnerability

ramsessanchez commented Feb 12, 2026

Uh oh!

Uh oh!

Uh oh!

baywet left a comment

Uh oh!

baywet commented Mar 2, 2026

Uh oh!

adrian05-ms commented Mar 2, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Mar 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

ramsessanchez commented Feb 12, 2026

Uh oh!

Uh oh!

Uh oh!

baywet left a comment

Choose a reason for hiding this comment

Uh oh!

baywet commented Mar 2, 2026

Uh oh!

adrian05-ms commented Mar 2, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sonarqubecloud bot commented Mar 2, 2026

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants