Index: trunk/src/org/openstreetmap/josm/tools/HttpClient.java
===================================================================
--- trunk/src/org/openstreetmap/josm/tools/HttpClient.java	(revision 18912)
+++ trunk/src/org/openstreetmap/josm/tools/HttpClient.java	(revision 18913)
@@ -9,4 +9,5 @@
 import java.net.CookieHandler;
 import java.net.CookieManager;
+import java.net.CookiePolicy;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
@@ -84,5 +85,5 @@
     static {
         try {
-            CookieHandler.setDefault(new CookieManager());
+            CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
         } catch (SecurityException e) {
             Logging.log(Logging.LEVEL_ERROR, "Unable to set default cookie handler", e);
@@ -133,4 +134,17 @@
      */
     public final Response connect(ProgressMonitor progressMonitor) throws IOException {
+        return connect(progressMonitor, null, null);
+    }
+
+    /**
+     * Opens the HTTP connection.
+     * @param progressMonitor progress monitor
+     * @param authRedirectLocation The location where we will be redirected for authentication
+     * @param authRequestProperty The authorization header to set when being redirected to the auth location
+     * @return HTTP response
+     * @throws IOException if any I/O error occurs
+     * @since 18913
+     */
+    public final Response connect(ProgressMonitor progressMonitor, String authRedirectLocation, String authRequestProperty) throws IOException {
         if (progressMonitor == null) {
             progressMonitor = NullProgressMonitor.INSTANCE;
@@ -184,6 +198,8 @@
                     maxRedirects--;
                     logRequest(tr("Download redirected to ''{0}''", redirectLocation));
-                    // Fix JOSM #21935: Avoid leaking `Authorization` header on redirects.
-                    if (!Objects.equals(oldUrl.getHost(), this.url.getHost()) && this.getRequestHeader("Authorization") != null) {
+                    if (authRedirectLocation != null && authRequestProperty != null && redirectLocation.startsWith(authRedirectLocation)) {
+                        setHeader("Authorization", authRequestProperty);
+                    } else if (!Objects.equals(oldUrl.getHost(), this.url.getHost()) && this.getRequestHeader("Authorization") != null) {
+                        // Fix JOSM #21935: Avoid leaking `Authorization` header on redirects.
                         logRequest(tr("Download redirected to different host (''{0}'' -> ''{1}''), removing authorization headers",
                                 oldUrl.getHost(), url.getHost()));