永远不会发送身份验证到目标服务器


AuthorizationCookieProxy-Authorization 标头未发送到服务器。 避免在部分导入的 URL 中包含用户信息。 正在研究在服务器上安全使用这些的安全模型。

Authorization, Cookie, and Proxy-Authorization headers are not sent to the server. Avoid including user info in parts of imported URLs. A security model for safely using these on the server is being worked on.