Looks like I've misunderstood how CheckRedirect works! I double checked in the Go source and your change is correct.
Hopefully this will work now
v1.63.0-beta.7086.62284c5e6.fix-webdav-redirect on branch fix-webdav-redirect (uploaded in 15-30 mins)
If it does then I think we should discuss whether this should be the default behaviour.
Some webdav servers might redirect to 3rd party servers which don't need auth (eg s3 with a limited time token) and passing your auth to a 3rd party server would be wrong in this case and might even leak your credentials.
Thoughts on this?
BTW does this service work with other WevDAV clients? I guess that tells us whether it should be the default in rclone or not.