From 172e7257f65e5d37974aacf0c467e76a321ddf2c Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Wed, 7 Mar 2007 07:39:06 +0000 Subject: [PATCH] Patch #812285: allow multiple auth schemes in AbstractBasicAuthHandler. --- Lib/urllib2.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/urllib2.py b/Lib/urllib2.py index 58b480dcb8..b0afac2cda 100644 --- a/Lib/urllib2.py +++ b/Lib/urllib2.py @@ -767,11 +767,10 @@ class HTTPPasswordMgrWithDefaultRealm(HTTPPasswordMgr): class AbstractBasicAuthHandler: - rx = re.compile('[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I) + # XXX this allows for multiple auth-schemes, but will stupidly pick + # the last one with a realm specified. - # XXX there can actually be multiple auth-schemes in a - # www-authenticate header. should probably be a lot more careful - # in parsing them to extract multiple alternatives + rx = re.compile('(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm="([^"]*)"', re.I) # XXX could pre-emptively send auth info already accepted (RFC 2617, # end of section 2, and section 1.2 immediately after "credentials" -- 2.50.0