Ian Cordasco added the comment: > However, one sticking point is whether that optimization may also have > adverse effects in terms of security (since we would always be sending auth > headers, even when the server doesn't ask for it...).
Antoine's concern has always been a concern of mine. There's an important part of this discussion that seems to have been left off. Even security conscious websites like GitHub do not return 404s for all endpoints that require you to authenticate. That fact aside, I think seeing how popular the package Matej added to PyPI will be a good way to decide how essential this is to add to Python 2.7. I am of course biased as a requests core developer and a large-scale GitHub API consumer, but I think this is a fairer way to make a decision. The patch for Python 3.5, however, looks great. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19494> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
