--- Begin Message ---
Subject: 25.0.50; Do not automatically include authorization header in HTTP redirects
Date: Tue, 25 Aug 2015 22:37:46 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)
Hi,
This patch is required for url-http-ntlm.el to handle redirects. I'd
like someone more familiar with url-http.el to review it. Basically,
this patch leaves it up to the authentication scheme to decide whether
to include an "Authorization" across a redirect or not.
I tested this on normal redirects (independent of url-http-ntlm.el) and
it seems to work fine, with the built-in Basic authorization scheme
re-adding the header where required.
Thanks,
Thomas
0001-Do-not-include-authorization-header-in-an-HTTP-redir.patch
Description: Text Data
--- End Message ---
--- Begin Message ---
Subject: Re: bug#21350: 25.0.50; Do not automatically include authorization header in HTTP redirects
Date: Wed, 23 Sep 2015 02:09:32 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)
Stefan Monnier <address@hidden> writes:
>> Here's the updated patch that I tested. Does it look OK stylistically?
>
> Yes, but you need to change the beginning of the file so cl-lib is not
> only required when compiling but also at run-time (since cl-remove is
> not a macro but a function).
OK, I pushed the patch. Thanks for reviewing.
I had hoped to publish a Docker image that would allow testing the
various authorization schemes across redirects, but configuring a server
to authenticate with NTLM using Free Software proved too difficult. I
did test against a proprietary NTLM implementation, and against the two
built-in auth schemes as well. The results were:
| Authenticated Redirect                   |
|-------------+---------------+------------|
| Auth Scheme | Without Patch | With Patch |
|-------------+---------------+------------|
| Basic       | Works         | Works      |
| Digest      | Fails         | Fails      |
| NTLM        | Fails         | Works      |
I'm not sure what's wrong with the digest scheme (Firefox works), but
this patch doesn't make digest redirects worse.
Thomas
--- End Message ---
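
The behaviour discussed in this thread, sketched as an added example (not the patch from bug#21350 and not code from url-http.el): the Authorization header is dropped when a redirect is followed, and the auth scheme decides whether to re-add it. All `demo-` names, the hosts and the credentials are hypothetical and constructed for illustration.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)     ; needed at run time: `cl-remove' is a function
(require 'url-parse)  ; `url-generic-parse-url', `url-host'

(defun demo-strip-authorization (headers)
  "Return HEADERS, an alist of (NAME . VALUE), without Authorization entries.
Header names are compared case-insensitively."
  (cl-remove "authorization" headers
             :key (lambda (h) (downcase (car h)))
             :test #'string=))

(defun demo-redirect-headers (headers target auth-fn)
  "Return the headers to send when following a redirect to TARGET.
The Authorization header of the original request is always dropped.
AUTH-FN stands in for the auth scheme: called with TARGET, it returns
a header value to add, or nil to send the request unauthenticated."
  (let ((clean (demo-strip-authorization headers))
        (value (funcall auth-fn target)))
    (if value
        (cons (cons "Authorization" value) clean)
      clean)))

;; Constructed sample: a Basic-style scheme holding credentials for one host.
(defun demo-basic-auth (target)
  "Return a Basic header value only when TARGET is on the known host."
  (when (equal (url-host (url-generic-parse-url target))
               "intranet.example")
    (concat "Basic " (base64-encode-string "user:secret"))))

(let ((original '(("Accept" . "*/*")
                  ("authorization" . "Basic stale-value"))))
  ;; Redirect within the same host: the scheme re-adds the header.
  (message "%S" (demo-redirect-headers
                 original "http://intranet.example/new" #'demo-basic-auth))
  ;; Redirect elsewhere: no Authorization header is sent.
  (message "%S" (demo-redirect-headers
                 original "http://other.example/" #'demo-basic-auth)))
```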