jvasileff opened a new pull request, #467:
URL: https://github.com/apache/httpcomponents-client/pull/467
For digest authentication, in RFC2617 section 3.2.2:
The values of the opaque and algorithm fields must be those supplied
in the WWW-Authenticate response header for the entity being
requested.
This commit honors that rule, and removes the previous behavior that
augmented the request header with "algorithm=MD5" when none was provided in the
server's response.
This change adheres to the letter of the specification. It also stands to
reason that if the server failed to provide "algorithm=..." in its
"WWW-Authenticate" header, the server should be fine with the client failing to
provide "algorithm=..." in the "Authorization" header.
The motivation for this change is that including "algorithm=MD5" in the
"Authorization" header causes http requests to fail when made to an embedded
system, which I suspect to be a an Espressif ESP32 web server.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
