Hi, On Fri, Jun 5, 2015 at 9:26 PM, Jeroen Ooms <[email protected]> wrote: > For the libcurl bindings in the R programming language, I would like > to user to be able to connect to an arbitrary server using any > authentication method. However setting CURLOPT_HTTPAUTH to > CURLAUTH_ANY actually causes authentication failures in some cases. > > Here is an example: > https://gist.github.com/jeroenooms/94ed3749f0f401900b73. This > particular example uses hidden basic auth. It works with the default > CURLOPT_HTTPAUTH but when we set it to CURLAUTH_ANY it fails.
As far as I can tell, this is by design. How do you want libcurl to pick an authentication method if it doesn't know what the server supports? If *you* know then tell it to libcurl and don't use CURLAUTH_ANY. > When we change the URL to http://httpbin.org/basic-auth/jerry/secret > we see what happens. When CURLAUTH_ANY is set, curl first performs a > request without Authorization header, and then when the server returns > a 401 it tries again with Authorization header. This doesn't work for > hidden auth because it returns a 404 instead of 401. To my understanding the server is broken here, not the client. HTH, Isaac B. ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
