Is your feature request related to a problem? Please describe.
esp_http_client currently retries authorization attempts up to the maximum number of redirects. This is a problem because if an incorrect password is provided, esp_http_client will retry that incorrect password 10 times by default. This is likely to trigger an account lock-out on many servers.
Describe the solution you'd like
esp_http_client should only retry an authorization failure once, and only if the current authorization type is set to HTTP_AUTH_TYPE_NONE. It can then attempt to set DIGEST or BASIC once based on the server response.
This change can be made easily by adding a check in esp_http_client_add_auth():
if (client->connection_info.auth_type != HTTP_AUTH_TYPE_NONE) return;
Describe alternatives you've considered
The current implementation provides no alternatives, so I have made a copy of esp_http_client and modified it. I would like not to have my own version of esp_http_client, though.
Additional context
github-actions bot changed the title from "Change the number of esp_http_client authorization retries" to "Change the number of esp_http_client authorization retries (IDFGH-3445)" on Jun 6, 2020
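A stand-alone C model of the retry behaviour described in the issue above, added here as an illustration; it is not ESP-IDF code and not from the issue author. The struct and function names, the lock-out threshold of 5 and the passwords are constructed assumptions; the retry budget of 10 and the guard condition are taken from the issue text.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Stand-alone model with hypothetical names; not ESP-IDF source. */
typedef enum { AUTH_NONE, AUTH_BASIC, AUTH_DIGEST } auth_type_t;
typedef struct {              /* constructed server with a lock-out policy */
    const char *password;
    int lockout_threshold, failed_logins;
    bool locked;
} server_t;
typedef struct {
    const char *password;
    auth_type_t auth_type;
    int max_retries;          /* retry budget; the issue cites 10 as the default */
    bool guard;               /* true = early return proposed in the issue */
} client_t;

/* Returns the HTTP status; every wrong password counts toward the lock-out. */
static int server_handle(server_t *s, auth_type_t auth, const char *pw) {
    if (auth == AUTH_NONE) return 401;           /* challenge, nothing to fail yet */
    if (!s->locked && strcmp(pw, s->password) == 0) return 200;
    if (++s->failed_logins >= s->lockout_threshold) s->locked = true;
    return 401;
}

/* Models the 401 handler: true means "auth type selected, retry the request". */
static bool client_add_auth(client_t *c, auth_type_t challenge) {
    if (c->guard && c->auth_type != AUTH_NONE) return false;
    c->auth_type = challenge;
    return true;
}

/* Runs one logical request; returns how many times the password was sent. */
int credentialed_attempts(client_t *c, server_t *s) {
    int sent = 0;
    for (int retry = 0; retry <= c->max_retries; retry++) {
        if (c->auth_type != AUTH_NONE) sent++;
        if (server_handle(s, c->auth_type, c->password) != 401) break;
        if (!client_add_auth(c, AUTH_DIGEST)) break;
    }
    return sent;
}

int main(void) {
    server_t s = { "s3cret", 5, 0, false };      /* constructed sample values */
    client_t c = { "wrong", AUTH_NONE, 10, false };
    int n = credentialed_attempts(&c, &s);
    printf("no guard: password sent %d times, locked=%d\n", n, s.locked);
    return 0;
}
```

Setting `guard` to true in the client initializer shows the proposed behaviour: the wrong password is sent once and the modelled account stays unlocked.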