From 7ba5a534ae9fc24e40b3ae6c480c9075d684727e Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Wed, 29 Jan 2014 19:13:46 +0000
Subject: [PATCH 1/3] Repopulate ~/.netrc auth.

---
 requests/sessions.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/requests/sessions.py b/requests/sessions.py
index e262aa32..22fe22f8 100644
--- a/requests/sessions.py
+++ b/requests/sessions.py
@@ -158,6 +158,23 @@ class SessionRedirectMixin(object):
             prepared_request._cookies.update(self.cookies)
             prepared_request.prepare_cookies(prepared_request._cookies)
 
+            # If we get redirected to a new host, we should strip out any
+            # authentication headers.
+            original_parsed = urlparse(resp.request.url)
+            redirect_parsed = urlparse(url)
+
+            if original_parsed.hostname != redirect_parsed.hostname:
+                try:
+                    del headers['Authorization']
+                except KeyError:
+                    pass
+
+            # However, .netrc might have more auth for us. Let's get it if it
+            # does.
+            new_auth = get_netrc_auth(url)
+            if new_auth is not None:
+                prepared_request.prepare_auth(new_auth)
+
             resp = self.send(
                 prepared_request,
                 stream=stream,

From 326a22e8880c1dba52698a479eb7b6038d5b2e87 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Thu, 30 Jan 2014 15:11:24 +0000
Subject: [PATCH 2/3] Better layout for checking.

---
 requests/sessions.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/requests/sessions.py b/requests/sessions.py
index 22fe22f8..531fd667 100644
--- a/requests/sessions.py
+++ b/requests/sessions.py
@@ -163,11 +163,9 @@ class SessionRedirectMixin(object):
             original_parsed = urlparse(resp.request.url)
             redirect_parsed = urlparse(url)
 
-            if original_parsed.hostname != redirect_parsed.hostname:
-                try:
-                    del headers['Authorization']
-                except KeyError:
-                    pass
+            if (original_parsed.hostname != redirect_parsed.hostname and
+                   'Authorization' in headers):
+                del headers['Authorization']
 
             # However, .netrc might have more auth for us. Let's get it if it
             # does.

From d9f34c6848b9b313beefa7d3ce05f52fdea28c27 Mon Sep 17 00:00:00 2001
From: Cory Benfield <lukasaoz@gmail.com>
Date: Fri, 31 Jan 2014 07:36:44 +0000
Subject: [PATCH 3/3] Respect trust_env on redirect.

---
 requests/sessions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requests/sessions.py b/requests/sessions.py
index 531fd667..ae7390c5 100644
--- a/requests/sessions.py
+++ b/requests/sessions.py
@@ -169,7 +169,7 @@ class SessionRedirectMixin(object):
 
             # However, .netrc might have more auth for us. Let's get it if it
             # does.
-            new_auth = get_netrc_auth(url)
+            new_auth = get_netrc_auth(url) if self.trust_env else None
             if new_auth is not None:
                 prepared_request.prepare_auth(new_auth)