From 7ec67d93997e644767a6ad861d2b5d82761a2365 Mon Sep 17 00:00:00 2001
From: Jason Mulligan <jamullig@adobe.com>
Date: Mon, 4 Jun 2018 11:28:19 -0400
Subject: [PATCH] Removing more headers from redirect responses, fixing a test

---
 lib/tenso.js      | 8 +++++++-
 package-lock.json | 2 +-
 package.json      | 2 +-
 test/auth_test.js | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/tenso.js b/lib/tenso.js
index 3bf1ecf1..950b02c2 100644
--- a/lib/tenso.js
+++ b/lib/tenso.js
@@ -407,9 +407,15 @@ class Tenso extends HTTPMethods {
 					}
 				});
 
-				if (status >= 300 && status < 400 && rheaders["cache-control"] !== void 0) {
+				if (status >= 300 && status < 400) {
+					res.removeHeader("accept-ranges");
 					res.removeHeader("cache-control");
+					res.removeHeader("content-type");
+					res.removeHeader("content-length");
+					delete headers["accept-ranges"];
 					delete headers["cache-control"];
+					delete headers["content-type"];
+					delete headers["content-length"];
 				}
 
 				if (status !== 416 && req.headers.range !== void 0 && !res.hasHeader("content-range") && headers["content-range"] === void 0) {
diff --git a/package-lock.json b/package-lock.json
index 035a93a9..a17bb81d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "tenso",
-  "version": "7.0.10",
+  "version": "7.0.11",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index e6024daa..2770d89f 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "tenso",
   "description": "Tensō is an elastic REST API gateway for node.js",
-  "version": "7.0.10",
+  "version": "7.0.11",
   "homepage": "http://avoidwork.github.io/tenso",
   "author": "Jason Mulligan <jason.mulligan@avoidwork.com>",
   "repository": {
diff --git a/test/auth_test.js b/test/auth_test.js
index 2a1a12f4..effc7b23 100644
--- a/test/auth_test.js
+++ b/test/auth_test.js
@@ -219,7 +219,7 @@ describe("Local", function () {
 			.reuseHeader(csrf)
 			.json({username: "test", password: valid})
 			.expectStatus(302)
-			.expectHeader("content-type", "text/html; charset=utf-8") // anti-pattern of strategy
+			.expectHeader("content-type", undefined) // anti-pattern of strategy
 			.expectHeader("location", "/")
 			.end();
 	});