https://issues.dlang.org/show_bug.cgi?id=16174
Steven Schveighoffer <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |[email protected] Resolution|--- |WONTFIX --- Comment #1 from Steven Schveighoffer <[email protected]> --- While I can see the concern, the truth is that you already are able to call a function which is adding a header to the request. In that sense, this isn't exactly a "security" issue, as you have permission to add the header already. Where this can be a problem is if you are passing a string from an un-trusted source, but that's probably not a good idea anyway, even if just adding one header. I'm not sure std.net.curl is the right place to make these types of decisions, it's a pretty bare wrapper around curl. Closing as WONTFIX, please re-open if you think this is in error. --
