curl-users

Re: User Authentication on/off

From: SM <nntp_at_iname.com>
Date: Tue, 20 Mar 2001 08:29:46 +0400

At 15:28 19-03-2001 +0100, you wrote:
>Curl has two ways of enabling HTTP basic user authentication:
>
>Now, imagine that the site sends a redirect to another absolute URL (without
>user+password in the URL of course) and we tell curl to follow that Location:
>header.
>
>What should curl do with the authentication data in the second request?

Authentication data should not be passed across different hostnames when
following URLs. Curl could handle the authentication as for cookies, i.e.
only sending out the data when it is for the same hostname and directory or
subdirectory.

There may be cases where we want to use the same user/password
authentication for all URLs of .domain.tld. It would be best to have curl
send the user/password for the URL only by default (the current behavior).
Two switches could be introduced for the cases described above.

Regards,
-sm
Received on 2001-03-20
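
The scoping rule proposed in this message, sketched as an added example (not part of the original mail and not curl's own code). The function name, the scope values "url", "path" and "domain", and the extra scheme/port and percent-encoding checks are assumptions made for illustration; the hostnames are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
ENCODED = re.compile(r"%(2e|2f|5c)", re.I)  # encoded ".", "/" or "\" in a path


def _origin(parts):
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def _norm_path(path):
    # Resolve "." and ".." so "/a/../b" cannot pass as a subdirectory of "/a/".
    path = path or "/"
    norm = "/" + posixpath.normpath(path).lstrip("/")
    return norm + "/" if path.endswith("/") and norm != "/" else norm


def should_send_credentials(original_url, redirect_url, scope="url", domain=None):
    """Decide whether the user/password may accompany a followed redirect.

    scope="url"    : only when the redirect stays on the original path (default)
    scope="path"   : cookie-like, same host and same directory or a subdirectory
    scope="domain" : any host under `domain`, e.g. ".example.com"
    """
    src, dst = urlsplit(original_url), urlsplit(redirect_url)
    if ENCODED.search(dst.path):
        return False  # ambiguous path encoding: withhold the credentials
    s_origin, d_origin = _origin(src), _origin(dst)
    if scope == "domain":
        suffix = (domain or "").lower().strip(".")
        def inside(host):
            return bool(suffix) and (host == suffix or host.endswith("." + suffix))
        # Assumption: the scheme must not change, so https never drops to http.
        return s_origin[0] == d_origin[0] and inside(s_origin[1]) and inside(d_origin[1])
    if s_origin != d_origin:  # assumption: scheme and port must match as well
        return False
    src_path, dst_path = _norm_path(src.path), _norm_path(dst.path)
    if scope == "url":
        return src_path == dst_path  # query string is ignored here
    if scope == "path":
        directory = src_path[: src_path.rfind("/") + 1]
        return dst_path.startswith(directory)
    raise ValueError(f"unknown scope: {scope!r}")
```

The suffix test compares against "." plus the domain, so a lookalike host that merely ends in the same letters does not inherit the credentials.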