cURL / Mailing Lists / curl-users / Single Mail

curl-users

Problem with anyauth and redirects

From: Menner May <hans.juergen.may_at_googlemail.com>
Date: Fri, 18 Jun 2010 11:55:26 +0200

I'm successfully using libcurl in numerous applications, but this time
I have some trouble:

curl and libcurl have a problem with a special http download, that
works using a browser without problems:
- there's an url for downloading a file
- the site uses multiple internal redirections
- when requesting the file, the first redirect leads to an authorization page
- the authorization page asks for basic auth (401)
- browser sends basic auth header
- authorization page accepts, sets cookies, redirects to another page
- other page checks cookies and redirects to the original file request
- original request is then granted due to the present cookies.

The problem with this site is:
- basic auth header must only be sent to the auth page when basic auth
is requested (401)
- it must NOT be sent in all other cases
- because if basic auth is sent, there's always a redirect to the login page
A browser behaves accordingly, but not libcurl.

Partly I can acheive this behavior by using the --anyauth option of curl.
Thus, the basic auth header will be sent only after the first basic
auth request (401).
But after that curl and libcurl resend the basic auth header after
every redirect, so I get redirected on and on.

A workaround for curl is:
- stop curl after some redirects, but keep cookie file.
- restart curl with the original request and the saved cookie file.

But I suppose libcurl followredirect in combination with anyauth
should be fixed, such that it behaves like a browser.

b.t.w.: the proxy auth header must still be present in every request, I suppose.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-06-18