[New-bugs-announce] [issue15310] urllib: Support for multiple WWW-Authenticate headers and/or multiple challenges per header

Thomas Parslow report at bugs.python.org
Tue Jul 10 00:40:49 CEST 2012 

New submission from Thomas Parslow <tom at almostobsolete.net>:

The HTTP spec specifies that the 401 (Unauthorized) response can be accompanied by multiple challenges, either as separate WWW-Authenticate headers or in a single WWW-Authenticate header separated by commas. The client should always pick the strongest supported which in the case of urllib is "digest". Unknown challenge types (for urllib that's anything but "basic" and "digest") should be ignored as long as there is a known one as well.

This is my first patch submission to cpython so please do point out anything I've done wrong! I'd like do more work on cpython so best to nip any bad habits in the bud!

In this patch I've re-written the parsing code to support this. I've tried to re-use existing code as much as possible, so I've based the new parser on the existing parse_http_list which I had to extend so that it can be used to parse single quoted strings. These single quoted strings are not valid for the HTTP spec but apparently they do appear in the wild and the existing implementation allowed them so I've continued to allow them. I've also kept the existing behaviour with regards to unquoted realm values, a warning is raised but otherwise they are allowed. The requirement of raising the warning added a slightly awkward bit to the code, but I assumed there was a good reason for that warning being there so I kept it in.

----------
components: Library (Lib)
files: urllib-multi-authenticate-challenges.patch
keywords: patch
messages: 165132
nosy: almost
priority: normal
severity: normal
status: open
title: urllib: Support for multiple WWW-Authenticate headers and/or multiple challenges per header
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file26337/urllib-multi-authenticate-challenges.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15310>
_______________________________________

More information about the New-bugs-announce mailing list