curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: Authorization and Github

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 9 Oct 2018 13:06:19 +0200 (CEST)

On Mon, 8 Oct 2018, Gisle Vanem wrote:

>>> Very annoying and clumsy. Since with Wget it always works since it doesn't
>>> send this "Authorization:" header when 'machine raw.githubusercontent.com
>>> ..' is present in '%APPDATA%/.netrc'.
>>
>> I'm not following. Is the problem that it sends the wrong header or that it
>> finds the wrong credentials in the .netrc file or something else?
>
> It seems to send the "Authorization: Basic..." header with a Base64 (?)
> value. Github doesn't like that and responds with a 404.

Basic Auth is "user:password" base64-encoded in that header. curl uses that
because you're using the .netrc file and it found the host name with
credentials in there.

> Comparing to Google Chrome, it doesn't seems to send this header.

Sure, but Chrome doesn't care about .netrc. Also, Chrome doesn't send
authentication without "probing" first, which curl does in this case. You can
make curl probe too by adding --anyauth.

> If I disable gist.githubusercontent.com from the _netrc, even then this
> header is sent. This auth-data is then coming the 'default login anonymous'
> line.

curl doesn't read the .netrc by default so you've asked it to use this file
somehow?

-- 
  / daniel.haxx.se
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2018-10-09