From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#37187: 26.2; url-retrieve redirect lost Authorization headers Date: Fri, 20 Sep 2019 22:36:18 +0200 Message-ID: <877e627lj1.fsf@gnus.org> References: Mime-Version: 1.0 Content-Type: text/plain Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="82064"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Cc: 37187@debbugs.gnu.org, Thomas Fitzsimmons To: Romain Ouabdelkader Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Sep 20 22:37:12 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iBPeR-000LBp-TH for geb-bug-gnu-emacs@m.gmane.org; Fri, 20 Sep 2019 22:37:12 +0200 Original-Received: from localhost ([::1]:35338 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iBPeQ-0003Zk-7M for geb-bug-gnu-emacs@m.gmane.org; Fri, 20 Sep 2019 16:37:10 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44834) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iBPeI-0003ZW-TW for bug-gnu-emacs@gnu.org; Fri, 20 Sep 2019 16:37:03 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iBPeH-0004cK-R3 for bug-gnu-emacs@gnu.org; Fri, 20 Sep 2019 16:37:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:49794) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iBPeH-0004cE-Nc for bug-gnu-emacs@gnu.org; Fri, 20 Sep 2019 16:37:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iBPeH-0007wM-KI for bug-gnu-emacs@gnu.org; Fri, 20 Sep 2019 16:37:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Lars Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 20 Sep 2019 20:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 37187 X-GNU-PR-Package: emacs Original-Received: via spool by 37187-submit@debbugs.gnu.org id=B37187.156901178530473 (code B ref 37187); Fri, 20 Sep 2019 20:37:01 +0000 Original-Received: (at 37187) by debbugs.gnu.org; 20 Sep 2019 20:36:25 +0000 Original-Received: from localhost ([127.0.0.1]:58615 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iBPdg-0007vP-UJ for submit@debbugs.gnu.org; Fri, 20 Sep 2019 16:36:25 -0400 Original-Received: from quimby.gnus.org ([80.91.231.51]:35812) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iBPdf-0007vH-0c for 37187@debbugs.gnu.org; Fri, 20 Sep 2019 16:36:23 -0400 Original-Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie) by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1iBPda-0005z1-Tm; Fri, 20 Sep 2019 22:36:21 +0200 In-Reply-To: (Romain Ouabdelkader's message of "Mon, 26 Aug 2019 00:08:35 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:166804 Archived-At: Romain Ouabdelkader writes: > I have an issue with the 'url-retrieve' function: > If the target url returns a redirect, the 'Authorization' header is not > sent on the redirect url. This is apparently on purpose: ;; Do not automatically include an authorization header in the ;; redirect. If needed it will be regenerated by the relevant ;; auth scheme when the new request happens. (setq url-http-extra-headers (cl-remove "Authorization" url-http-extra-headers :key 'car :test 'equal)) It's from this patch: commit 325200ac1dcf5bed6918ea827d8a48d89487e083 Author: Thomas Fitzsimmons Date: Wed Sep 23 01:45:29 2015 -0400 Do not include authorization header in an HTTP redirect * lisp/url/url-http.el (url-http-parse-headers): Do not automatically include Authorization header in redirect. (Bug#21350) And I think that makes sense -- when there's a redirect, the domain may be new, and the auth should perhaps not be sent there. I've had a look at the standards, but I can't see that they say anything about this, so I think that perhaps this works as it's supposed to. But I haven't checked what Firefox does, for instance. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no