Re: Repeated HTTP Authorization after 401 response with uknown method
Date: Tue, 28 Aug 2012 09:44:48 +0200
On Mon, Aug 27, 2012 at 08:22:57PM +0000, Joe Mason wrote:
> > From: curl-library [curl-library-bounces_at_cool.haxx.se] on behalf of Petr Pisar
> > [petr.pisar_at_atlas.cz]
> > I think special option mandating sending the Authorization header not
> > matter what would the best one.
> Well, IMHO this definitely shouldn't work without a curl_easy_reset: once
> the server has sent a 401 without Basic, curl knows the server doesn't
> accept Basic auth and shouldn't send it. (It's ok for curl to send Basic
> auth with its first request, before its received a 401, since that will save
> a roundtrip if the server happens to accept it.)
> In theory doing a curl_easy_reset should cause curl to forget all details of
> the previous responses, so it should go back to sending your Basic auth.
> But there was a recent bug with this, which should be fixed now.
> Aha. The fix was made just AFTER the 7.27.0 release. Try downloading the
> most recent code from git and compiling that to see if it fixes your
I checked the head 4c070de4fb01b4fbf29f8c463ba96da97b36bd2f and it behaves as
I want. I verified reverting
Author: Joe Mason <jmason_at_rim.com>
Date: Fri Jul 27 17:25:45 2012 -0400
Zero out auth structs before transfer
restores the previous (7.27.0) behaviour.
In addition I tried to figure out what everything has to be re-set to get
Authorization header in second request and it looks like nothing special is
needed. No curl_easy_reset(), no setting no CURLOPT_PASSWORD even no
So I'm more than satisfied with current master head. I'm just not sure it
matches your idea exactly. (Maybe I should note the server I use closes
connection after each request.)
- application/pgp-signature attachment: stored