Re: Re: Re: Re: Re: [PATCH] http: avoid auth failure on a duplicated header

2014-07-18 Thread Daniel Stenberg
On Thu, 17 Jul 2014, Michael Osipov wrote: Yes it should! But you're expressing this funnily. If it _does_ probe first, it will disclose the exact same information if the server asks for basic auth Haven't noticed that I brought some fun into it. "funny" in the meaning of "strange" or "pecu

Re: Re: Re: Re: Re: [PATCH] http: avoid auth failure on a duplicated header

2014-07-17 Thread Michael Osipov
> From: "Daniel Stenberg" > On Thu, 17 Jul 2014, Michael Osipov wrote: > >> Yes, because you're asking for it! > > > > Then I would at least require the docs to say that preemptive is > > performed > > by default. Users should be aware that they could disclose information. > > Yes it should!

Re: Re: Re: Re: [PATCH] http: avoid auth failure on a duplicated header

2014-07-17 Thread Daniel Stenberg
On Thu, 17 Jul 2014, Michael Osipov wrote: I'm fully convinced you will find servers out there returning headers like that. Maybe true but that is not covered in libcurl also. You cannot scope the auth. Right, but that's a separate limitation. It has been worked on in the past but it was n

Re: Re: Re: Re: [PATCH] http: avoid auth failure on a duplicated header

2014-07-17 Thread Michael Osipov
> From: "Daniel Stenberg" > On Thu, 17 Jul 2014, Michael Osipov wrote: > > > WWW-Authenticate: Basic ream="A" > > WWW-Authenticate: Basic ream="B" > > > > That makes no sense and is incorrect. > > Is it really? What if it has two overlapping realms and offers you to login to > any of them to acce