[Bug 6836] wget redirected page use wrong authentication info

bugzilla at busybox.net bugzilla at busybox.net
Mon Feb 3 17:34:31 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=6836

--- Comment #3 from Dalei Liu <daleiliu at gmail.com> 2014-02-03 17:34:31 UTC ---
Thanks for the quick response.  This patch will surely work.  But here is what
I observed from GNU wget:

1. It only sends user/password after the 401 from the server.

2. If the first http request has user/password inside the URL, it will use it
for this original request but not the second 302 redirected URL.  It makes
sense because the user/password is only a part of the original URL.

3. If --user and --password is specified, it applies to both original and
redirected requests, and if there is another set of user/password inside the
URL, wget will override them with the --user/--password settings.

In the patch, it implies the redirected URL inherits the user/password from the
original URL, which may or may not what the user wants.  I could not find a
define behaviour of this situation from the RFCs, but it makes it a little bit
different between busybox wget and GNU version.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the busybox-cvs mailing list