[HTTPCLIENT-1344] Userinfo Credentials in URI Should Not Default to Preemptive Authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.2.4
Fix Version/s: 4.3 Beta2
Component/s: HttpClient (classic)
Labels:
None

Description

When using a request like new HttpGet("http://user:pass@example.com/") HttpClient will send along Authorization: Basic header with the first request (even if the server uses Digest Access).

The expected behaviour is for HttpClient to send a request with no user credentials at all, wait for the server to send a 401 response. Then based on the supported auth scheme, send another request with the credentials in a scheme that is supported by the server.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: James Leigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Apr/13 02:51

Updated:: 05/Oct/13 19:42

Resolved:: 16/May/13 14:18