From 8526adfbd901f766b90f0116d8a40a1a4bdc8fb7 Mon Sep 17 00:00:00 2001
From: Senthil Kumaran <orsenthil@gmail.com>
Date: Wed, 24 Feb 2010 16:45:46 +0000
Subject: [PATCH] Fix for Issue3819 - urllib2 sends Basic auth across redirects

---
 Lib/test/test_urllib2.py | 3 ++-
 Lib/urllib2.py           | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py
index 30b7649f2a..c0366dd18f 100644
--- a/Lib/test/test_urllib2.py
+++ b/Lib/test/test_urllib2.py
@@ -1134,7 +1134,8 @@ class HandlerTests(unittest.TestCase):
         auth_hdr_value = 'Basic '+base64.encodestring(userpass).strip()
         self.assertEqual(http_handler.requests[1].get_header(auth_header),
                          auth_hdr_value)
-
+        self.assertEqual(http_handler.requests[1].unredirected_hdrs[auth_header],
+                         auth_hdr_value)
         # if the password manager can't find a password, the handler won't
         # handle the HTTP auth error
         password_manager.user = password_manager.password = None
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
index 87ef9fb57a..122f777ce4 100644
--- a/Lib/urllib2.py
+++ b/Lib/urllib2.py
@@ -839,7 +839,7 @@ class AbstractBasicAuthHandler:
             auth = 'Basic %s' % base64.b64encode(raw).strip()
             if req.headers.get(self.auth_header, None) == auth:
                 return None
-            req.add_header(self.auth_header, auth)
+            req.add_unredirected_header(self.auth_header, auth)
             return self.parent.open(req, timeout=req.timeout)
         else:
             return None
-- 
2.50.1