Skip to content

Fix HTTPDigestAuth uri field truncated by semicolons in URL path#7413

Open
zons-zhaozhy wants to merge 1 commit intopsf:mainfrom
zons-zhaozhy:fix/digest-auth-uri-semicolon-params
Open

Fix HTTPDigestAuth uri field truncated by semicolons in URL path#7413
zons-zhaozhy wants to merge 1 commit intopsf:mainfrom
zons-zhaozhy:fix/digest-auth-uri-semicolon-params

Conversation

@zons-zhaozhy
Copy link
Copy Markdown

@zons-zhaozhy zons-zhaozhy commented May 5, 2026

When a URL contains path parameters delimited by semicolons (e.g. https://musicbrainz.org/ws/2/artist;name=Nirvana), urllib.parse.urlparse splits the path into .path and .params attributes. HTTPDigestAuth.build_digest_header() was only using .path and .query, so the uri field in the Authorization header was truncated, causing authentication to fail on servers that validate the full request URI.

This was reported in #6990 with a concrete MusicBrainz API example.

Fix: include p_parsed.params when reconstructing the path in build_digest_header().

Added a unit test that verifies the uri field includes semicolon-delimited path parameters.

@zzy-git
Fix digest auth uri field ignoring path parameters after semicolons
418c76b 
urllib.parse.urlparse splits path parameters (delimited by semicolons)
into the .params attribute. The build_digest_header method was only using
.path and .query, causing the uri field in the Authorization header to be
truncated for URLs with matrix-style parameters.

Fixes psf#6990
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zons-zhaozhy @zzy-git