Bugs item #3035542, was opened at 2010-07-27 15:32
Message generated for change (Tracker Item Submitted) made by jamshid
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3035542&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jamshid Afshar (jamshid)
Assigned to: Daniel Stenberg (bagder)
Summary: POST with --digest should not do an initial, empty POST

Initial Comment:
When using --digest, curl will do an initial "POST /foo" with "Content-length: 0", then it will do a second POST with the actual content. Tested Mac version 7.19.6 and Linux 7.20.1, same behavior.

curl -L -i -v --data-binary HelloWorld --digest -u "fred:fred" http://example.com/foo

* Server auth using Digest with user 'fred'
> POST /foo HTTP/1.1
> User-Agent: curl/7.19.6 (i386-apple-darwin10.2.0) libcurl/7.19.6 zlib/1.2.5
> Host: localhost
> Accept: */*
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
...

This initial, empty POST only happens when using --digest.

In my case this initial POST is a problem because an empty POST (even unauthenticated) still has an effect on the server -- it creates a document. This is legal http server behavior -- a POST is explicitly not indempotent, i.e. a POST can have side-effects: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html.

So, I think curl should instead behave like wget ("wget -v -d --post-data=HelloWorld --user=fred --password=fred http://example.com/foo") and attempt only the real POST, retrying or sending additional authorization data if it gets a 401 response.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3035542&group_id=976
Received on 2010-07-27