Follow-up Comment #1, bug #57686 (project wget): Ok, I figured out that the main reason for the challenge was not a security but because we don't know which auth scheme uses server: basic or digest. So in the response for the first request server returns `WWW-Auth digest` then it will send password hash instead of clear password as for basic auth.
curl have an option -anyuth that works as wget by default. So we can make `--auth-no-challenge` by default (i.e. send credentials without pre-request) and add the same `-anyauth` option as curl have for those who previous behavior. I.e. make wget working the same as curl. _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?57686> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/