You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
compare corresponding records in the web-server logs (for the httplib2-request and for the curl-request)
ER: HTTP-header for the httplib2-request is present in web-server logs in format like 'Authorization': 'Basic <encoded_string>' as well as for corresponding curl-request
The text was updated successfully, but these errors were encountered:
well, I done some investigations and found out something interesting in the code of library:
(httplib2/init.py, class Http, method _request:
if response.status == 401:
for authorization in self._auth_from_challenge(
host, request_uri, headers, response, content
):
authorization.request(method, request_uri, headers, body)
(response, content) = self._conn_request(
conn, request_uri, method, body, headers
)
if response.status != 401:
self.authorizations.append(authorization)
authorization.response(response, body)
break
According to this logic - 1) first httplib2.request will try to open the url without any credentials 2) if it received a 401 response code - it will retry the request by adding the credentials header. And this is not normal, because: 1) 2 physical requests are sent instead of 1 and 2) the web server can send a response code different from 401 (for example, in the case of 2 options on the web server - for registered and anonymous users, such as my one).
Therefore, I suggest changing this logic, for example - if something was written in self.credentials, then the 1st request should be sent with these credentials right away.
The "Authorization" header field allows a user agent to authenticate itself with an origin server -- usually, but not necessarily, after receiving a 401 (Unauthorized) response.
Of course, sending authorization header on first request is a nice enhancement, patches are welcome. It must be guarded with option switch defaulting to current behavior.
Thnks!
Possibly I'll try to write such patch later but rather you can do it in the next release by yourself - I'm not so good in Python for this moment :(
environment: OS xUbuntu 18.04.4; Python 3.6.9; httplib2 0.18.1 (gzip)
summary: executing
h.add_credentials('user', 'password', 'localhost')
code isn't sending HTTP-header 'Authorization': 'Basic <encoded_string>' to the web-serverSTR:
ER: HTTP-header for the httplib2-request is present in web-server logs in format like 'Authorization': 'Basic <encoded_string>' as well as for corresponding curl-request
The text was updated successfully, but these errors were encountered: