[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Martin Panter added the comment: Issue 15310 appears to have a more thorough patch -- nosy: +vadmium ___ Python tracker ___ ___ Python

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Senthil Kumaran added the comment: Sigmund: Sorry for the delay. I shall act on this. -- ___ Python tracker ___ ___ Python-bugs-list m

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Sigmund Augdal added the comment: Can someone please apply this patch or provide a reason why it should not be applied? -- nosy: +Sigmund.Augdal ___ Python tracker ___ _

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

David Fischer added the comment: With this patch, the AbstractBasicAuthHandler (and its subclasses) performs a regex search on the amalgamated "www-authenticate" header for basic authentication. This fixes the case where you have an HTTP response of the form: HTTP/1.1 401 Authorization Requ

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Martin v. Löwis added the comment: Would you like to provide a patch? -- ___ Python tracker ___ ___ Python-bugs-list mailing list Uns

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

David Fischer added the comment: I think the key words in the RFC are "strongest auth-scheme it understands". I think in an ideal world, the urllib2 opener (given its handlers) would see that it doesn't understand the second auth-scheme and then see if it understands the first one. However, t

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Changes by Petri Lehtinen : -- nosy: +petri.lehtinen ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mai

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Martin v. Löwis added the comment: So what do you propose to do? RFC 2617 specifies The user agent MUST choose to use one of the challenges with the strongest auth-scheme it understands and request credentials from the user based upon that challenge. --

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

David Fischer added the comment: Perhaps I should have chosen my words more carefully. There are two www-authenticate headers the single HTTP response. -- ___ Python tracker __

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Martin v. Löwis added the comment: > I ran into an application that responded with two www-authenticate > challenges to an HTTP request. First, it sends a standard Basic > authentication challenge and then it also returns a www-authenticate > header referencing another scheme. What exactly do

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Changes by dmitry be : -- nosy: +Dmitry.Beransky ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.py

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

Changes by Senthil Kumaran : -- assignee: -> orsenthil nosy: +orsenthil ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue13323] urllib2 does not correctly handle multiple www-authenticate headers in an HTTP response

New submission from David Fischer : I ran into an application that responded with two www-authenticate challenges to an HTTP request. First, it sends a standard Basic authentication challenge and then it also returns a www-authenticate header referencing another scheme. This looks legal to me