It should be possible to address this with https://pkg.go.dev/net/http#Client.CheckRedirect. Should we drop the authorization headers unconditionally or only if the domain is not the original one?
It should be possible to address this with https:/ /pkg.go. dev/net/ http#Client. CheckRedirect. Should we drop the authorization headers unconditionally or only if the domain is not the original one?