Hi,

On Fri, Jun 5, 2015 at 9:26 PM, Jeroen Ooms <jeroen.ooms_at_stat.ucla.edu> wrote:
> For the libcurl bindings in the R programming language, I would like
> to user to be able to connect to an arbitrary server using any
> authentication method. However setting CURLOPT_HTTPAUTH to
> CURLAUTH_ANY actually causes authentication failures in some cases.
>
> Here is an example:
> https://gist.github.com/jeroenooms/94ed3749f0f401900b73. This
> particular example uses hidden basic auth. It works with the default
> CURLOPT_HTTPAUTH but when we set it to CURLAUTH_ANY it fails.

As far as I can tell, this is by design.
How do you want libcurl to pick an authentication method if it doesn't
know what the server supports?
If *you* know then tell it to libcurl and don't use CURLAUTH_ANY.

> When we change the URL to http://httpbin.org/basic-auth/jerry/secret
> we see what happens. When CURLAUTH_ANY is set, curl first performs a
> request without Authorization header, and then when the server returns
> a 401 it tries again with Authorization header. This doesn't work for
> hidden auth because it returns a 404 instead of 401.

To my understanding the server is broken here, not the client.

HTH,
Isaac B.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-06-05