Matej Cepl added the comment: Also let me add from RFC 2617, end of section 2:
> A client MAY preemptively send the corresponding Authorization > header with requests for resources in that space without > receipt of another challenge from the server. Similarly, when > a client sends a request to a proxy, it may reuse a userid and > password in the Proxy-Authorization header field without > receiving another challenge from the proxy server. See section > 4 for security considerations associated with Basic > authentication. So sending "Authorization" in the introductory request is not only performance hack, but it is also anticipated by RFC. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19494> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
