Problem
AuthDigestSession.cs contains a bare // TODO comment (no description, no issue reference) with dead commented-out code inside an empty if block. This has been there since the file was adapted from Mono's System.Net.DigestClient and serves no purpose — the block does nothing at runtime.
Location
- File:
src/Mono.Android/Xamarin.Android.Net/AuthDigestSession.cs
- Lines: 116–119
Current Code
string? HA2 (HttpURLConnection webRequest)
{
var uri = new Uri (webRequest.URL?.ToString ()!);
string ha2 = $"{webRequest.RequestMethod}:{uri.PathAndQuery}";
if (QOP == "auth-int") {
// TODO
// ha2 += String.Format (":{0}", hentity);
}
return HashToHexString (ha2);
}Suggested Fix
Remove the empty if (QOP == "auth-int") block entirely (including the bare // TODO and commented-out code) and add a brief comment explaining that auth-int QOP is not supported. The block currently does nothing — auth-int QOP silently falls through to the same behavior as auth mode. RFC 7616 auth-int requires hashing the entity body which is not available at this point, and auth-int is extremely rarely used by servers in practice.
string? HA2 (HttpURLConnection webRequest)
{
var uri = new Uri (webRequest.URL?.ToString ()!);
string ha2 = $"{webRequest.RequestMethod}:{uri.PathAndQuery}";
// Note: auth-int QOP (RFC 7616) is not supported; it would require
// hashing the entity body which is not available here.
return HashToHexString (ha2);
}Guidelines
- Keep the existing formatting style (tabs, Mono style braces)
- Do not change any other code in the file — this is a minimal dead code removal
- Do not add
#nullable enable or fix other issues in this PR (keep it focused)
Acceptance Criteria
Generated by Nightly Fix Finder · ● 2.6M · ◷
Problem
AuthDigestSession.cscontains a bare// TODOcomment (no description, no issue reference) with dead commented-out code inside an emptyifblock. This has been there since the file was adapted from Mono'sSystem.Net.DigestClientand serves no purpose — the block does nothing at runtime.Location
src/Mono.Android/Xamarin.Android.Net/AuthDigestSession.csCurrent Code
Suggested Fix
Remove the empty
if (QOP == "auth-int")block entirely (including the bare// TODOand commented-out code) and add a brief comment explaining thatauth-intQOP is not supported. The block currently does nothing —auth-intQOP silently falls through to the same behavior asauthmode. RFC 7616auth-intrequires hashing the entity body which is not available at this point, andauth-intis extremely rarely used by servers in practice.Guidelines
#nullable enableor fix other issues in this PR (keep it focused)Acceptance Criteria
// TODOcomment on line 117 is removedif (QOP == "auth-int")block (lines 116–119) is removedauth-intQOP is not supported