[Python-Dev] urllib2 doesn't grok URLs w/ user/passwd

Guido van Rossum guido at python.org
Tue Dec 30 14:28:52 EST 2003

> On Tuesday 30 December 2003 04:03 pm, Skip Montanaro wrote:
> > SF seems to be down for some unscheduled reason.  Posting here just so I
> > don't completely forget about it should I exit my web browser before SF is
> > back up...
> >
> > urllib2.urlopen("http://foo@www.python.org/") fails (at least in part)
> > because it fails to separate the username and password from the hostname.
> > Trying to open http://foo:bar@www.python.org/ reveals other shortcomings in
> > its url parsing.  It seems to me the syntactic bits shouldn't be difficult
> > to resolve using urllib.spluituser().  I'm much less clear what to do with
> > the username and password once they've been separated from the hostname.
> Presumably they need to be kept somewhere and sent in the Authorization
> header in case the server returns a 401 error and challenge (or a proxy 
> returns a 407 error and challenge) -- or maybe the Authorization header
> (with the base 64 encoding of user:pass) can be sent even as part of the
> first request to speed things up (assuming an authorization scheme of
> Basic).

This is what the ever-popular old urllib does.

> RFC 2617, I believe.  urllib2's architecture delegates authorization
> to separate components, of course, so I guess the userid and password
> should just be handed over to such components if they're present, but I
> haven't looked into that in detail.

Me neither.

--Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-Dev mailing list