You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This isn't necessarily a bug in Python--it's really a bug in websites
that produce what are technically malformed WWW-Authenticate headers, I
believe.
According to RFC 2617, a WWW-Authenticate header should be of the form:
WWW-Authenticate: Basic realm="Private"
However, some websites, produce the header using single-quotes:
WWW-Authenticate: Basic realm='Private'
The Firefox browser deals with this gracefully, but Python's urllib2
does not; specifically, an AbstractBasicAuthHandler does not recognize
the second type of header as an auth header at all, and as a result it's
impossible to access sites protected with such headers.
The attached patch alters the behavior of the class to deal with this
situation gracefully, and also adds a unit test to ensure that the
functionality works.
Implementation notes: This isn't the most well-engineered fix in the
world; in particular, I didn't change the regex used to parse
WWW-Authenticate headers, in part because (A) such a regex was difficult
to compose and (B) it would've been quite difficult to read, and I
didn't want to inadvertently mess up the current behavior of the code.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: