Merge pull request #31164 from hashicorp/jbardin/go-getter-security-options

add XTerraformGetLimit to prevent redirect loops

internal/command/providers_mirror.go

@@ -96,6 +96,7 @@ func (c *ProvidersMirrorCommand) Run(args []string) int {
 	httpGetter := getter.HttpGetter{
 		Client:                httpclient.New(),
 		Netrc:                 true,
+		XTerraformGetDisabled: true,
 	}
 
 	// The following logic is similar to that used by the provider installer

internal/getmodules/getter.go

@@ -85,6 +85,7 @@ var getterHTTPClient = cleanhttp.DefaultClient()
 var getterHTTPGetter = &getter.HttpGetter{
 	Client:             getterHTTPClient,
 	Netrc:              true,
+	XTerraformGetLimit: 10,
 }
 
 // A reusingGetter is a helper for the module installer that remembers