Message 202158 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	mcepl
Recipients	mcepl
Date	2013-11-04.19:26:53
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1383593213.58.0.82920866423.issue19494@psf.upfronthosting.co.za>
In-reply-to

Content
Also let me add from RFC 2617, end of section 2: > A client MAY preemptively send the corresponding Authorization > header with requests for resources in that space without > receipt of another challenge from the server. Similarly, when > a client sends a request to a proxy, it may reuse a userid and > password in the Proxy-Authorization header field without > receiving another challenge from the proxy server. See section > 4 for security considerations associated with Basic > authentication. So sending "Authorization" in the introductory request is not only performance hack, but it is also anticipated by RFC.

Also let me add from RFC 2617, end of section 2:

> A client MAY preemptively send the corresponding Authorization
> header with requests for resources in that space without
> receipt of another challenge from the server.  Similarly, when
> a client sends a request to a proxy, it may reuse a userid and
> password in the Proxy-Authorization header field without
> receiving another challenge from the proxy server. See section
> 4 for security considerations associated with Basic
> authentication.

So sending "Authorization" in the introductory request is not
only performance hack, but it is also anticipated by RFC.

History
Date	User	Action	Args
2013-11-04 19:26:53	mcepl	set	recipients: + mcepl
2013-11-04 19:26:53	mcepl	set	messageid: <1383593213.58.0.82920866423.issue19494@psf.upfronthosting.co.za>
2013-11-04 19:26:53	mcepl	link	issue19494 messages
2013-11-04 19:26:53	mcepl	create