You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "James Leigh (JIRA)" <ji...@apache.org> on 2013/04/20 04:53:15 UTC

[jira] [Created] (HTTPCLIENT-1344) Userinfo Credentials in URI Should Not Default to Preemptive Authentication

James Leigh created HTTPCLIENT-1344:
---------------------------------------

             Summary: Userinfo Credentials in URI Should Not Default to Preemptive Authentication
                 Key: HTTPCLIENT-1344
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1344
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 4.2.4
            Reporter: James Leigh


When using a request like new HttpGet("http://user:pass@example.com/") HttpClient will send along Authorization: Basic header with the first request (even if the server uses Digest Access).

The expected behaviour is for HttpClient to send a request with no user credentials at all, wait for the server to send a 401 response. Then based on the supported auth scheme, send another request with the credentials in a scheme that is supported by the server.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org