[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27022: url-retrieve + .authinfo bug
From: |
Lars Ingebrigtsen |
Subject: |
bug#27022: url-retrieve + .authinfo bug |
Date: |
Fri, 26 Jul 2019 10:56:21 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) |
Lars Ingebrigtsen <larsi@gnus.org> writes:
> Andy Wingo <wingo@pobox.com> writes:
>
>> If you try to do a url-retrieve over HTTP on a URL that requires HTTP
>> basic authentication, and you have an .authinfo file, and that .authinfo
>> contains an incorrect login, then Emacs will keep appending the same
>> Authorization: header to the request -- over and over, making the
>> request larger and larger, with no stop condition. Eventually nginx
>> produces a "400 Bad Request" error because there were too many headers.
>>
>> Emacs should instead error after the first attempt at authentication
>> fails.
>
> I'm able to reproduce this with this in my .authinfo file:
>
> machine jigsaw.w3.org:443 login guest password wrong
>
> and then:
>
> (url-retrieve "https://jigsaw.w3.org/HTTP/Basic/" #'ignore)
And this should now be fixed on the Emacs trunk.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no