New submission from Atul Varma: This isn't necessarily a bug in Python--it's really a bug in websites that produce what are technically malformed WWW-Authenticate headers, I believe.
According to RFC 2617, a WWW-Authenticate header should be of the form: WWW-Authenticate: Basic realm="Private" However, some websites, produce the header using single-quotes: WWW-Authenticate: Basic realm='Private' The Firefox browser deals with this gracefully, but Python's urllib2 does not; specifically, an AbstractBasicAuthHandler does not recognize the second type of header as an auth header at all, and as a result it's impossible to access sites protected with such headers. The attached patch alters the behavior of the class to deal with this situation gracefully, and also adds a unit test to ensure that the functionality works. Implementation notes: This isn't the most well-engineered fix in the world; in particular, I didn't change the regex used to parse WWW-Authenticate headers, in part because (A) such a regex was difficult to compose and (B) it would've been quite difficult to read, and I didn't want to inadvertently mess up the current behavior of the code. ---------- components: Library (Lib) files: urllib2_single_quoted_auth_fix.patch messages: 62513 nosy: varmaa severity: minor status: open title: urllib2 basic auth handler doesn't handle realm names in single-quoted strings type: behavior versions: Python 2.6 Added file: http://bugs.python.org/file9455/urllib2_single_quoted_auth_fix.patch __________________________________ Tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue2136> __________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
