How can a malicious user modify the location header on a 307 Temporary redirect to redirect the victim to an attacker controlled site. For eg , say there is a 307 temporary redirect on a login page , can an attacker use the 307 response to modify the location to redirect the user to their own site and try to steal credentials that way?
I did not explicitly try out a MITM , but wanted to know if its possible.