Actually, that's a feature, not a bug. It is not appropriate (nor
secure) for any web-authenticating tool to assume that the appropriate
authentication mechanism to use is "HTTP Basic", which always sends
barely-obfuscated, cleartext passwords. Previous behavior doing so was
in violation of relevant RFCs. The current expected behavior is that it
should not send Authorization header until the server gives back a "401
Unauthorized" response, and indicates the best authentication mechanism
to use.
However, some servers fail to provide that response, particularly if
they offer form-authentication as a viable alternative for
authentication. You can force wget to send basic authorization
immediately (just like its old behavior) by specifying --auth-no-
challenge.
(As an aside: the --post-file and --post-data options do not affect
request headers in any way; they affect the request body and method
only.)
** Changed in: wget (Ubuntu)
Status: Confirmed => Invalid
--
--http-user and --http-password ignored
https://bugs.launchpad.net/bugs/352372
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
