daniel:// stenberg://5d ago

Let's play slop or not! Here's the input:

https://hackerone.com/reports/3595753

slop
95%
not slop
5%
Poll ended at .
curl disclosed on HackerOne: Connection Reuse Ignores OAuth Bearer...

## Summary: The connection pool reuse function url_match_conn() in lib/url.c checks oauth_bearer in its credential match block — but only for protocols marked as requiring per-connection credentials. For HTTP, OAuth bearer is passed as a header, not a protocol-level credential. If a libcurl application reuses an easy handle to connect to two different API endpoints using different bearer tokens...

HackerOne
Show threadabortretryfail
@bagder
Crowd sourced Turing tests via Mastodon, brilliant.
Mar 10 at 3:54pmTusky