I noticed that the follow_redirect: true option used in HTTPoison (and therefore Hackney) when combined with an Authorization header (in my case basic auth) makes subsequent requests with the same Authorization headers. Curl, for example, does not seem to do that, at least not by default for the -L option, it looks like the --location-trusted option is to be used precisely when the user wants to reuse basic auth headers on redirects.
I want to use the Authorization header only on the first request and follow redirects without it. I stumbled upon an issue with Twilio media URLs with this where they require authentication for a media URL that redirects twice - to their CDN and then S3 - but the last URL, the S3 one, returns an error (unsupported authorization type) if a request with an Authorization header is made (or at least with the one required for the first URL), it works without any authorization though.
My question is - is it possible to specify to only use the headers passed to HTTPoison.get!/3 for the first request and follow redirects without them. I guess the question is if it’s possible in Hackney in general, and if not, is there a not too complex way to override this?






















