Merge pull request #1419 from aaronlehmann/safer-header-copying

On redirect, only copy headers when they don't already exist in the redirected request

docs/client/repository.go

@@ -36,8 +36,21 @@ func checkHTTPRedirect(req *http.Request, via []*http.Request) error {
 
 	if len(via) > 0 {
 		for headerName, headerVals := range via[0].Header {
-			if headerName == "Accept" || headerName == "Range" {
+			if headerName != "Accept" && headerName != "Range" {
-				for _, val := range headerVals {
+				continue
+			}
+			for _, val := range headerVals {
+				// Don't add to redirected request if redirected
+				// request already has a header with the same
+				// name and value.
+				hasValue := false
+				for _, existingVal := range req.Header[headerName] {
+					if existingVal == val {
+						hasValue = true
+						break
+					}
+				}
+				if !hasValue {
 					req.Header.Add(headerName, val)
 				}
 			}