• Martin Storsjö's avatar
    http: Support auth method detection for POST · 71549a85
    Martin Storsjö authored
    Inspired by a patch by Jakob van Bethlehem. But instead of doing
    an empty POST first to trigger the WWW-Authenticate header (which
    would succeed if no auth actually was required), add an Expect:
    100-continue header, which is meant to be used exactly for
    cases like this.
    The header is added if doing a post, and the user has specified
    authentication but we don't know the auth method yet.
    Not all common HTTP servers support the Expect: 100-continue header,
    though, so we only try to use it when it really is needed. The user
    can request it to be added for other POST requests as well via
    an option - which would allow the caller to know immediately that
    the POST has failed (e.g. if no auth was provided but the server
    required it, or if the target URL simply doesn't exist).
    This is only done for write mode posts (e.g. posts without pre-set
    post_data) - for posts with pre-set data, we can just redo the post
    if it failed due to 401.
    Signed-off-by: default avatarMartin Storsjö <martin@martin.st>
http.c 28.6 KB