[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
New submission from Alex Leon:

It looks like some servers using basic authentication don't include quotes around the realm (example https://api.connect2field.com) as required by RFC 2617. urllib won't handle these requests and silently fails, but a simple change to the regex in AbstractBasicAuthHandler from

'realm=(["\'])(.*?)\\2', re.I)

to

'realm=(["\']?)(["\']*)\\2', re.I)

would make authentication more flexible.

--
components: Library (Lib)
messages: 140191
nosy: Alex.Leon
priority: normal
severity: normal
status: open
title: Accepting Badly formed headers in urllib HTTPBasicAuth
type: behavior
versions: Python 3.2

Python tracker <http://bugs.python.org/issue12541>
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Alex Leon added the comment:

For some reason a caret went missing in the regex fix. It should read

'realm=(["\']?)([^"\']*)\\2', re.I)
[issue12541] Accepting Badly formed headers in urllib HTTPBasicAuth
Alex Leon added the comment:

It could have a 2-phase regex match. We match the first one, and if it fails, match the second and produce a warning. I think producing a warning is a good idea, as it allows the programmer to know that the implementation of basic auth they are trying to connect to is broken, and might help with future connection attempts. Also, there are currently no warnings produced by Python if it fails to parse the auth header, and it's hard for a developer to know why.
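
The two-phase match with a warning proposed in the thread, as an added example that is not part of the original messages and is not CPython's code. The scheme-capturing prefix, the function names and the sample headers are assumptions made for illustration.

```python
import re
import warnings

# Assumption: the issue quotes only the tail of the pattern, so a
# scheme-capturing prefix is added here to make \2 refer to the quote group.
_PREFIX = r'([^ \t]+)[ \t]+'
# Phase 1: RFC 2617 form, realm wrapped in matching quotes.
STRICT = re.compile(_PREFIX + r'realm=(["\'])(.*?)\2', re.I)
# Phase 2: the relaxed pattern from the thread, quotes optional.
LENIENT = re.compile(_PREFIX + r'realm=(["\']?)([^"\']*)\2', re.I)


def parse_challenge(header):
    """Return (scheme, realm) from a WWW-Authenticate value, or None."""
    m = STRICT.search(header)
    if m:
        return m.group(1), m.group(3)
    m = LENIENT.search(header)
    if m and m.group(3):
        warnings.warn("server sent an unquoted realm (not RFC 2617 "
                      "compliant): %r" % header, UserWarning, stacklevel=2)
        return m.group(1), m.group(3)
    # Surface parse failures instead of failing silently.
    warnings.warn("could not parse auth challenge: %r" % header,
                  UserWarning, stacklevel=2)
    return None


def demo():
    # Constructed sample headers, not captured from any real server.
    samples = [
        'Basic realm="Secure Area"',         # compliant
        'Basic realm=Secure',                # unquoted, phase 2
        'Basic realm=foo, charset="UTF-8"',  # unquoted plus a parameter
        'Basic',                             # no realm at all
    ]
    results = []
    for header in samples:
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always")
            parsed = parse_challenge(header)
        results.append((parsed, len(caught)))
    return results


if __name__ == "__main__":
    for parsed, n_warnings in demo():
        print(parsed, "warnings:", n_warnings)
```

With the relaxed pattern as written, an unquoted realm runs up to the next quote character or the end of the header, so the third sample yields the realm 'foo, charset=' rather than 'foo'.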