Index: Lib/urllib2.py =================================================================== --- Lib/urllib2.py (revision 88378) +++ Lib/urllib2.py (working copy) @@ -805,10 +805,10 @@ # XXX this allows for multiple auth-schemes, but will stupidly pick # the last one with a realm specified. - # allow for double- and single-quoted realm values - # (single quotes are a violation of the RFC, but appear in the wild) - rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+' - 'realm=(["\'])(.*?)\\2', re.I) + # allow for single-quoted, double-quoted and unquoted realm values + # (single quotes and unquoted are a violation of the RFC, but appear in + # the wild), quotes stripped below + rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm=(.*)', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, # end of section 2, and section 1.2 immediately after "credentials" @@ -837,7 +837,13 @@ if authreq: mo = AbstractBasicAuthHandler.rx.search(authreq) if mo: - scheme, quote, realm = mo.groups() + scheme, realm = mo.groups() + realm = realm.strip() + if len(realm) > 1 and ( + (realm[0], realm[-1]) == ("'", "'") or + (realm[0], realm[-1]) == ('"', '"')): + realm = realm[1:-1] + if scheme.lower() == 'basic': return self.retry_http_basic_auth(host, req, realm) Index: Lib/test/test_urllib2.py =================================================================== --- Lib/test/test_urllib2.py (revision 88378) +++ Lib/test/test_urllib2.py (working copy) @@ -1043,6 +1043,9 @@ def test_basic_auth_with_single_quoted_realm(self): self.test_basic_auth(quote_char="'") + def test_basic_auth_with_unquoted_realm(self): + self.test_basic_auth(quote_char='') + def test_proxy_basic_auth(self): opener = OpenerDirector() ph = urllib2.ProxyHandler(dict(http="proxy.example.com:3128"))