cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Authentication procedure

From: Claes Jakobsson <claes_at_surfar.nu>
Date: Tue, 7 Jan 2014 08:19:51 +0100

Hi,

On 7 jan 2014, at 07:42, Shao, Shuchao <sshao_at_websense.com> wrote:
> Libcurl send the authentication data with the first GET request, it is not like the IE, firefox etc. IE (firefox etc.) send the authentication data after receiving the 407/401 response code.
> I think it is more reasonable send the authentication data after receiving 407/401 code. Consider the remote peer doesnít need authentication, it will make no sense sending the authentication
> with the first GET request.
> Seems it is very easy to change this behavior, just add a flag for if we receive the 407/401 code, and decide whether to send the authentication data on this flag. Do you think we need a patch for this change?

No, the current behavior is good and doesnít violate any specs. I donít see why we should resubmit the request and waste bandwidth. If you want the behavior you suggest itís easily implemented on your side.

/Claes
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-07