[issue19494] urllib2.HTTPBasicAuthHandler (or urllib.request.HTTPBasicAuthHandler) doesn't work with GitHub API v3 and similar
Ian Cordasco
report at bugs.python.org
Mon Sep 1 16:40:36 CEST 2014
Ian Cordasco added the comment:
> However, one sticking point is whether that optimization may also have adverse effects in terms of security (since we would always be sending auth headers, even when the server doesn't ask for it...).
Antoine's concern has always been a concern of mine. There's an important part of this discussion that seems to have been left off. Even security conscious websites like GitHub do not return 404s for all endpoints that require you to authenticate. That fact aside, I think seeing how popular the package Matej added to PyPI will be a good way to decide how essential this is to add to Python 2.7. I am of course biased as a requests core developer and a large-scale GitHub API consumer, but I think this is a fairer way to make a decision.
The patch for Python 3.5, however, looks great.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19494>
_______________________________________
More information about the Python-bugs-list
mailing list