Skip to content

Using a blank username in the URL results in (nil) being encoded into the Authorization header #7819

Closed
@rick-a-lane-ii

Description

@rick-a-lane-ii

I did this

curl -I -vvv http://:example@www.example.com

Authorization: Basic KG5pbCk6ZXhhbXBsZQ==

echo 'KG5pbCk6ZXhhbXBsZQ==' | base64 -d

(nil):example

I expected the following

Authorization: Basic OmV4YW1wbGU=

echo 'OmV4YW1wbGU=' | base64 -d

:example

curl/libcurl version

curl 7.79.1 (x86_64-pc-linux-musl) libcurl/7.79.1 OpenSSL/1.1.1l zlib/1.2.11 libssh2/1.9.0 nghttp2/1.42.0
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

curl 7.79.1 (x86_64-apple-darwin20.4.0) libcurl/7.79.1 (SecureTransport) OpenSSL/1.1.1l zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.45.1 librtmp/2.3 OpenLDAP/2.5.7
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd

operating system

Linux redacted 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Darwin redacted 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21 PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions