[
https://issues.apache.org/jira/browse/HTTPCLIENT-1345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski resolved HTTPCLIENT-1345.
-------------------------------------------
Resolution: Fixed
Fixed in SVN trunk. Please review / re-test.
Oleg
> Useinfo Credentials Ignored In Redirect Location Header
> -------------------------------------------------------
>
> Key: HTTPCLIENT-1345
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1345
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 4.2.4
> Reporter: James Leigh
> Fix For: 4.3 Beta2
>
>
> When HttpClient is configured to follow redirects and receives an 303
> response with a
> Location header that includes userinfo, such as http://user:[email protected]/
> the username and password are ignored.
> The expected behaviour is that if the request to the target location (without
> credentials) responds with a 401, that HttpClient would use the userinfo
> credentials in the previous response Location header to authenticate and
> store the credentials in the execution context. This is the behaviour of most
> Web agents such as Chrome, Firefox, Safari, libcurl, and others.
> HttpClient should still wait for the 401 response (by default) before sending
> the credentials as outlined in 1344:
> Userinfo Credentials in URI Should Not Default to Preemptive Authentication
> https://issues.apache.org/jira/browse/HTTPCLIENT-1344
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
