This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: urllib2 HTTP digest authentication fix
Type: Stage:
Components: Library (Lib) Versions: Python 2.3
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: jhylton Nosy List: jhylton, mfenniak, titus
Priority: normal Keywords: patch

Created on 2004-09-30 19:10 by mfenniak, last changed 2022-04-11 14:56 by admin. This issue is now closed.

File name Uploaded Description Edit
urllib2-digestauth-lj.diff mfenniak, 2004-09-30 19:13 Patch to fix HTTP digest authentication to access LiveJournal RSS feeds.
Messages (4)
msg46982 - (view) Author: Mathieu Fenniak (mfenniak) Date: 2004-09-30 19:10
Although the 'algorithm' component of the Authorization header is 
considered optional by RFC 2617, there are sites that do not 
function without providing algorithm notification.  Specifically, this 
problem is encounted with LiveJournal RSS feeds (where HTTP 
digest authentication can be used to view non-public livejournal 

This patch makes the algorithm flag always sent in the 
Authorization header.  The following test script demonstrates the 
problem for a LiveJournal RSS feed (username and password must 
be entered):

    import urllib2

    class PasswordMgr(object):
        def find_user_password(self, realm, authuri):
            return "someuser", "somepass"
        def add_password(self):

    rssURI = "

    handler = urllib2.HTTPDigestAuthHandler(PasswordMgr())
    opener = urllib2.build_opener(handler)

With the attached patch, this works successfully.  Without it, it fails 
with an HTTP 401 error.
msg46983 - (view) Author: Mathieu Fenniak (mfenniak) Date: 2004-09-30 19:13
Logged In: YES 

Err, sorry, it appears I didn't attach the patch.  Here it is.
msg46984 - (view) Author: Titus Brown (titus) Date: 2004-12-19 07:24
Logged In: YES 

Patch is simple (one line removed from current urllib2!).  I don't know 
much about http digest authentication, so I can't say anything about 
whether or not this correct; but I have verified that it fixes the 
LiveJournal behavior noted in the patch description (on Linux, under 
current CVS tree).  Moreover the MD5 
algorithm is the default, so this patch merely changes the behavior to be 
more verbose than it is currently -- it shouldn't break any existing actual 

Recommend application of patch.

msg46985 - (view) Author: Jeremy Hylton (jhylton) (Python triager) Date: 2004-12-22 14:27
Logged In: YES 

Fixed in rev 1.78 of urllib2
Date User Action Args
2022-04-11 14:56:07adminsetgithub: 40966
2004-09-30 19:10:11mfenniakcreate