James Leigh created HTTPCLIENT-1345:
---------------------------------------
Summary: Userinfo Credentials Ignored In Redirect Location Header
Key: HTTPCLIENT-1345
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1345
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.2.4
Reporter: James Leigh
When HttpClient is configured to follow redirects and receives a 303 response
with a Location header that includes userinfo, such as
http://user:[email protected]/ the username and password are ignored.
The expected behaviour is that if the request to the target location (without
credentials) responds with a 401, that HttpClient would use the userinfo
credentials in the previous response Location header to authenticate and store
the credentials in the execution context. This is the behaviour of most Web
agents such as Chrome, Firefox, Safari, libcurl, and others.
HttpClient should still wait for the 401 response (by default) before sending
the credentials as outlined in 1344:
Userinfo Credentials in URI Should Not Default to Preemptive Authentication
https://issues.apache.org/jira/browse/HTTPCLIENT-1344
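
The flow the report asks for, as an added example that is not HttpClient code or part of the original report: the userinfo is stripped from the redirect target, held scoped to that host and port, and turned into an Authorization header only after a 401 challenge. All class and method names are hypothetical, the Basic scheme is an assumption, and the sample URI is constructed.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: hypothetical names, plain JDK only, not the HttpClient API.
public class RedirectUserinfoExample {
    // Credentials taken from a Location header, valid only for that host and port.
    static final class ScopedCredentials {
        final String host, user, password;
        final int port;
        ScopedCredentials(String host, int port, String user, String password) {
            this.host = host; this.port = port; this.user = user; this.password = password;
        }
        boolean appliesTo(URI target) {
            return host.equalsIgnoreCase(target.getHost()) && port == target.getPort();
        }
    }

    // Redirect target without userinfo, so credentials never reach the request line or logs.
    static URI stripUserinfo(URI location) throws Exception {
        return new URI(location.getScheme(), null, location.getHost(), location.getPort(),
                location.getPath(), location.getQuery(), location.getFragment());
    }

    // The first ':' in the userinfo separates the user name from the password.
    static ScopedCredentials fromLocation(URI location) {
        String userinfo = location.getUserInfo();
        if (userinfo == null) return null;
        int colon = userinfo.indexOf(':');
        String user = colon < 0 ? userinfo : userinfo.substring(0, colon);
        String password = colon < 0 ? "" : userinfo.substring(colon + 1);
        return new ScopedCredentials(location.getHost(), location.getPort(), user, password);
    }

    // Returns a header value only after a 401 Basic challenge from the scoped host, else null.
    static String authorizationFor(URI target, int status, String challenge, ScopedCredentials creds) {
        boolean basic = status == 401 && challenge != null && challenge.regionMatches(true, 0, "Basic", 0, 5);
        if (creds == null || !basic || !creds.appliesTo(target)) return null;
        byte[] token = (creds.user + ":" + creds.password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(token);
    }

    public static void main(String[] args) throws Exception {
        URI location = new URI("http://user:secret@redirect.example:8080/private"); // constructed sample
        URI target = stripUserinfo(location);
        ScopedCredentials creds = fromLocation(location);
        System.out.println("first request goes to: " + target);
        System.out.println("no challenge yet: " + authorizationFor(target, 200, null, creds));
        System.out.println("after 401: " + authorizationFor(target, 401, "Basic realm=\"demo\"", creds));
    }
}
```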