Re: Repeated HTTP Authorization after 401 response with uknown method
Date: Mon, 27 Aug 2012 21:34:40 +0200
On Mon, Aug 27, 2012 at 07:25:52PM +0000, Joe Mason wrote:
> > From: curl-library [curl-library-bounces_at_cool.haxx.se] on behalf of Petr Pisar
> > [petr.pisar_at_atlas.cz]
> > I have a special HTTP server which expect Authorization header with
> > `Basic' method and refuses bad password with 401 HTTP code and header
> > WWW-Authenticate with special `totp' method.
> > My problem is cURL (7.27.0) stops sending Authorization after first such
> > 401 response.
> What do you expect curl to do? Keep sending Authorization: Basic even
> though the server never sent a WWW-Authenticate: Basic? Clearly curl can't
> send Authorization: totp since it has no idea what totp is.
Exactly. Imagine user inputs bad password. Server refuses, user inputs correct
password, and now the client should resend the request again, but this time
with correct password.
I think special option mandating sending the Authorization header not matter
what would the best one.
- application/pgp-signature attachment: stored