Message 50173 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	jjlee
Recipients
Date	2006-05-01.22:35:47
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
urllib2 redirects HTTP digest authorisation credentials, which is never useful (because the redirection will change the digest), and may cause a 400 error if for example the handler finds credentials for an initial request, but fails to finds credentials for a redirected request. In that case a stale Authorization or Proxy-authorization header will get returned to the server, causing a 400 error. I've verified this makes the 400 go away for example in the case where http://localhost/foo gets 301 redirected to http://127.0.0.1/foo/ (i.e. with a slash on the end), where I've only added username/password for "localhost" and not "127.0.0.1". The fix is trivial. 2.4 backport candidate.

urllib2 redirects HTTP digest authorisation
credentials, which is never useful (because the
redirection will change the digest), and may cause a
400 error if for example the handler finds credentials
for an initial request, but fails to finds credentials
for a redirected request.  In that case a stale
Authorization or Proxy-authorization header will get
returned to the server, causing a 400 error.

I've verified this makes the 400 go away for example in
the case where http://localhost/foo gets 301 redirected
to http://127.0.0.1/foo/ (i.e. with a slash on the
end), where I've only added username/password for
"localhost" and not "127.0.0.1".

The fix is trivial.

2.4 backport candidate.

History
Date	User	Action	Args
2007-08-23 15:48:41	admin	link	issue1480067 messages
2007-08-23 15:48:41	admin	create