New submission from Thomas Parslow <t...@almostobsolete.net>: The HTTP spec specifies that the 401 (Unauthorized) response can be accompanied by multiple challenges, either as separate WWW-Authenticate headers or in a single WWW-Authenticate header separated by commas. The client should always pick the strongest supported which in the case of urllib is "digest". Unknown challenge types (for urllib that's anything but "basic" and "digest") should be ignored as long as there is a known one as well.
This is my first patch submission to cpython so please do point out anything I've done wrong! I'd like do more work on cpython so best to nip any bad habits in the bud! In this patch I've re-written the parsing code to support this. I've tried to re-use existing code as much as possible, so I've based the new parser on the existing parse_http_list which I had to extend so that it can be used to parse single quoted strings. These single quoted strings are not valid for the HTTP spec but apparently they do appear in the wild and the existing implementation allowed them so I've continued to allow them. I've also kept the existing behaviour with regards to unquoted realm values, a warning is raised but otherwise they are allowed. The requirement of raising the warning added a slightly awkward bit to the code, but I assumed there was a good reason for that warning being there so I kept it in. ---------- components: Library (Lib) files: urllib-multi-authenticate-challenges.patch keywords: patch messages: 165132 nosy: almost priority: normal severity: normal status: open title: urllib: Support for multiple WWW-Authenticate headers and/or multiple challenges per header type: behavior versions: Python 3.4 Added file: http://bugs.python.org/file26337/urllib-multi-authenticate-challenges.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15310> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
