On Thu, 17 Jul 2014, Michael Osipov wrote:

I'm fully convinced you will find servers out there returning headers like that.

Maybe true but that is not covered in libcurl also. You cannot scope the auth.

Right, but that's a separate limitation. It has been worked on in the past but it was never completed.

If the server offers two separate realms for the same path, surely it would then also possibly accept two different credentials for that path so the lack of scoping wouldn't matter in that particular case!

Yes, because you're asking for it!

Then I would at least require the docs to say that preemptive is performed by default. Users should be aware that they could disclose information.

Yes it should! But you're expressing this funnily. If it _does_ probe first, it will disclose the exact same information if the server asks for basic auth ...

After that at least, I have found a bug in curl which ends in an endless redirect. I will report shortly.

Ouch!

If there's a missing option it would then rather be one that allows you to say "I only want to use {basic,digest,ntlm,...} but I still want to probe first" - which libcurl can do but that ability isn't exposed to the command line tool afair.

How would that go in libcurl, I mean not preemptive?

Add the 'CURLAUTH_ONLY' bit. Like when asking for only basic with a probe:

 CURLAUTH_BASIC | CURLAUTH_ONLY

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
