Package: emacs;
Reported by: Alain Picard <alain <at> gocatch.com>
Date: Wed, 21 Sep 2016 05:47:01 UTC
Severity: normal
Tags: moreinfo
Found in version 25.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 24490 in the body.
You can then email your comments to 24490 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Wed, 21 Sep 2016 05:47:01 GMT) Full text and rfc822 format available.Alain Picard <alain <at> gocatch.com>
:bug-gnu-emacs <at> gnu.org
.
(Wed, 21 Sep 2016 05:47:01 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Alain Picard <alain <at> gocatch.com> To: bug-gnu-emacs <at> gnu.org Cc: Alain Picard <alain <at> gocatch.com> Subject: 25.1; restclient no longer sends auth header upon redirect Date: Wed, 21 Sep 2016 14:19:18 +1000
[Message part 1 (text/plain, inline)]
Dear Maintainers, In emacs 25.1, the code in url-http.el, line 638, states: ;; Do not automatically include an authorization header in the ;; redirect. If needed it will be regenerated by the relevant ;; auth scheme when the new request happens. (setq url-http-extra-headers (cl-remove "Authorization" url-http-extra-headers :key 'car :test 'equal)) I suspect this automatic regenration does not occur. Problem: I am using restclient.el, and hitting a server which issues a redirect, and I receive a 400 Forbidden response because the redirected call does not receive the authentication header (I can see this from the log of my server). Here is a subset of my test http file in restclient mode: ------------------ :host = http://localhost:4348 :driver-2 = goCatch 9999 # GET :host/api/v2/jobs X-Gocatch-State: {"available" : true, "lat": -33.1, "lng":150.9, "speed":15, "error":5, "direction":310 } Authorization: :driver-2 ------------------ In emacs 24, this used to return: [lots of text here snipped] // GET http://localhost:4348/api/v2/jobs // HTTP/1.1 200 OK // Content-Type: application/json; charset=utf-8 // Cache-Control: max-age=0 // Content-Length: 1222 // Server: http-kit // Date: Wed, 21 Sep 2016 04:13:46 GMT // Request duration: 0.247260s But in emacs 25 it now returns: No or invalid authentication details are provided // GET http://localhost:4348/api/v2/jobs // HTTP/1.1 401 Unauthorized // Cache-Control: max-age=0 // Content-Length: 49 // Server: http-kit // Date: Wed, 21 Sep 2016 04:14:29 GMT // Request duration: 0.131224s If I comment out the 3 lines starting at line 642: (setq url-http-extra-headers (cl-remove "Authorization" url-http-extra-headers :key 'car :test 'equal)) I get back the original, correct behaviour. Thanks in advance, and thanks for all the great work on emacs... I've been appreciating your hard work (and emacs) for nearly 25 years. :-) Alain Picard ================================================================ In GNU Emacs 25.1.1 (x86_64-apple-darwin13.4.0, NS appkit-1265.21 Version 10.9.5 (Build 13F1911)) of 2016-09-18 built on builder10-9.porkrind.org Windowing system distributor 'Apple', version 10.3.1404 Configured using: 'configure --with-ns '--enable-locallisppath=/Library/Application Support/Emacs/${version}/site-lisp:/Library/Application Support/Emacs/site-lisp'' Configured features: NOTIFY ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS Important settings: value of $LANG: en_AU.UTF-8 locale-coding-system: utf-8-unix Major mode: Ediff Minor modes in effect: magit-auto-revert-mode: t global-git-commit-mode: t async-bytecomp-package-mode: t show-paren-mode: t shell-dirtrack-mode: t diff-auto-refine-mode: t flx-ido-mode: t ido-everywhere: t winner-mode: t auto-insert-mode: t global-company-mode: t company-mode: t override-global-mode: t tooltip-mode: t global-eldoc-mode: t electric-indent-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t buffer-read-only: t line-number-mode: t transient-mark-mode: t Recent messages: Region 29 in buffer A is empty [2 times] Refining difference region 30 ... ediff-next-difference: At end of the difference list Region 29 in buffer A is empty [2 times] Region 28 in buffer A is empty [2 times] Region 27 in buffer A is empty [2 times] Region 26 in buffer A is empty [2 times] Region 19 in buffer A is empty [4 times] Quit Saved text until " Type" Load-path shadows: /Users/ap/.emacs.d/elpa/cider-browse-ns-20140725.2249/cider-browse-ns hides /Users/ap/.emacs.d/elpa/cider-0.13.0/cider-browse-ns /Users/ap/.emacs.d/elpa/helm-20160413.2223/helm-multi-match hides /Users/ap/.emacs.d/elpa/helm-core-20160415.1131/helm-multi-match /Users/ap/.emacs.d/elpa/circe-20160413.1027/lcs hides /Users/ap/.emacs.d/elpa/lcs-20121201.555/lcs /Users/ap/.emacs.d/elpa/circe-20160413.1027/lui hides /Users/ap/.emacs.d/elpa/lui-20140910.112/lui /Users/ap/.emacs.d/elpa/circe-20160413.1027/lui-logging hides /Users/ap/.emacs.d/elpa/lui-20140910.112/lui-logging /Users/ap/.emacs.d/elpa/circe-20160413.1027/lui-irc-colors hides /Users/ap/.emacs.d/elpa/lui-20140910.112/lui-irc-colors /Users/ap/.emacs.d/elpa/circe-20160413.1027/lui-format hides /Users/ap/.emacs.d/elpa/lui-20140910.112/lui-format /Users/ap/.emacs.d/elpa/circe-20160413.1027/lui-autopaste hides /Users/ap/.emacs.d/elpa/lui-20140910.112/lui-autopaste /Users/ap/.emacs.d/elpa/circe-20160413.1027/shorten hides /Users/ap/.emacs.d/elpa/shorten-20131201.620/shorten /Users/ap/.emacs.d/elpa/color-theme-solarized-20160219.924/solarized-theme hides /Users/ap/.emacs.d/elpa/solarized-theme-20160408.1143/solarized-theme /Users/ap/.emacs.d/elpa/circe-20160413.1027/tracking hides /Users/ap/.emacs.d/elpa/tracking-20151129.319/tracking /Users/ap/.emacs.d/elpa/circe-20160413.1027/shorten hides /Users/ap/.emacs.d/elpa/tracking-20151129.319/shorten /Users/ap/.emacs.d/emacs-hacks/whitespace hides /Applications/Emacs.app/Contents/Resources/lisp/whitespace /Users/ap/.emacs.d/elpa/org-20160411/ox hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox /Users/ap/.emacs.d/elpa/org-20160411/ox-texinfo hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-texinfo /Users/ap/.emacs.d/elpa/org-20160411/ox-publish hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-publish /Users/ap/.emacs.d/elpa/org-20160411/ox-org hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-org /Users/ap/.emacs.d/elpa/org-20160411/ox-odt hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-odt /Users/ap/.emacs.d/elpa/org-20160411/ox-md hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-md /Users/ap/.emacs.d/elpa/org-20160411/ox-man hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-man /Users/ap/.emacs.d/elpa/org-20160411/ox-latex hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-latex /Users/ap/.emacs.d/elpa/org-20160411/ox-icalendar hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-icalendar /Users/ap/.emacs.d/elpa/org-20160411/ox-html hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-html /Users/ap/.emacs.d/elpa/org-20160411/ox-beamer hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-beamer /Users/ap/.emacs.d/elpa/org-20160411/ox-ascii hides /Applications/Emacs.app/Contents/Resources/lisp/org/ox-ascii /Users/ap/.emacs.d/elpa/org-20160411/org hides /Applications/Emacs.app/Contents/Resources/lisp/org/org /Users/ap/.emacs.d/elpa/org-20160411/org-w3m hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-w3m /Users/ap/.emacs.d/elpa/org-20160411/org-version hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-version /Users/ap/.emacs.d/elpa/org-20160411/org-timer hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-timer /Users/ap/.emacs.d/elpa/org-20160411/org-table hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-table /Users/ap/.emacs.d/elpa/org-20160411/org-src hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-src /Users/ap/.emacs.d/elpa/org-20160411/org-rmail hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-rmail /Users/ap/.emacs.d/elpa/org-20160411/org-protocol hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-protocol /Users/ap/.emacs.d/elpa/org-20160411/org-plot hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-plot /Users/ap/.emacs.d/elpa/org-20160411/org-pcomplete hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-pcomplete /Users/ap/.emacs.d/elpa/org-20160411/org-mouse hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-mouse /Users/ap/.emacs.d/elpa/org-20160411/org-mobile hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-mobile /Users/ap/.emacs.d/elpa/org-20160411/org-mhe hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-mhe /Users/ap/.emacs.d/elpa/org-20160411/org-macs hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-macs /Users/ap/.emacs.d/elpa/org-20160411/org-macro hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-macro /Users/ap/.emacs.d/elpa/org-20160411/org-loaddefs hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-loaddefs /Users/ap/.emacs.d/elpa/org-20160411/org-list hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-list /Users/ap/.emacs.d/elpa/org-20160411/org-irc hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-irc /Users/ap/.emacs.d/elpa/org-20160411/org-install hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-install /Users/ap/.emacs.d/elpa/org-20160411/org-inlinetask hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-inlinetask /Users/ap/.emacs.d/elpa/org-20160411/org-info hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-info /Users/ap/.emacs.d/elpa/org-20160411/org-indent hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-indent /Users/ap/.emacs.d/elpa/org-20160411/org-id hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-id /Users/ap/.emacs.d/elpa/org-20160411/org-habit hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-habit /Users/ap/.emacs.d/elpa/org-20160411/org-gnus hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-gnus /Users/ap/.emacs.d/elpa/org-20160411/org-footnote hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-footnote /Users/ap/.emacs.d/elpa/org-20160411/org-feed hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-feed /Users/ap/.emacs.d/elpa/org-20160411/org-faces hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-faces /Users/ap/.emacs.d/elpa/org-20160411/org-eshell hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-eshell /Users/ap/.emacs.d/elpa/org-20160411/org-entities hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-entities /Users/ap/.emacs.d/elpa/org-20160411/org-element hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-element /Users/ap/.emacs.d/elpa/org-20160411/org-docview hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-docview /Users/ap/.emacs.d/elpa/org-20160411/org-datetree hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-datetree /Users/ap/.emacs.d/elpa/org-20160411/org-ctags hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-ctags /Users/ap/.emacs.d/elpa/org-20160411/org-crypt hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-crypt /Users/ap/.emacs.d/elpa/org-20160411/org-compat hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-compat /Users/ap/.emacs.d/elpa/org-20160411/org-colview hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-colview /Users/ap/.emacs.d/elpa/org-20160411/org-clock hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-clock /Users/ap/.emacs.d/elpa/org-20160411/org-capture hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-capture /Users/ap/.emacs.d/elpa/org-20160411/org-bibtex hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-bibtex /Users/ap/.emacs.d/elpa/org-20160411/org-bbdb hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-bbdb /Users/ap/.emacs.d/elpa/org-20160411/org-attach hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-attach /Users/ap/.emacs.d/elpa/org-20160411/org-archive hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-archive /Users/ap/.emacs.d/elpa/org-20160411/org-agenda hides /Applications/Emacs.app/Contents/Resources/lisp/org/org-agenda /Users/ap/.emacs.d/elpa/org-20160411/ob hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob /Users/ap/.emacs.d/elpa/org-20160411/ob-tangle hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-tangle /Users/ap/.emacs.d/elpa/org-20160411/ob-table hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-table /Users/ap/.emacs.d/elpa/org-20160411/ob-sqlite hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-sqlite /Users/ap/.emacs.d/elpa/org-20160411/ob-sql hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-sql /Users/ap/.emacs.d/elpa/org-20160411/ob-shen hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-shen /Users/ap/.emacs.d/elpa/org-20160411/ob-screen hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-screen /Users/ap/.emacs.d/elpa/org-20160411/ob-scheme hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-scheme /Users/ap/.emacs.d/elpa/org-20160411/ob-scala hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-scala /Users/ap/.emacs.d/elpa/org-20160411/ob-sass hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-sass /Users/ap/.emacs.d/elpa/org-20160411/ob-ruby hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-ruby /Users/ap/.emacs.d/elpa/org-20160411/ob-ref hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-ref /Users/ap/.emacs.d/elpa/org-20160411/ob-R hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-R /Users/ap/.emacs.d/elpa/org-20160411/ob-python hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-python /Users/ap/.emacs.d/elpa/org-20160411/ob-plantuml hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-plantuml /Users/ap/.emacs.d/elpa/org-20160411/ob-picolisp hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-picolisp /Users/ap/.emacs.d/elpa/org-20160411/ob-perl hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-perl /Users/ap/.emacs.d/elpa/org-20160411/ob-org hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-org /Users/ap/.emacs.d/elpa/org-20160411/ob-octave hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-octave /Users/ap/.emacs.d/elpa/org-20160411/ob-ocaml hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-ocaml /Users/ap/.emacs.d/elpa/org-20160411/ob-mscgen hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-mscgen /Users/ap/.emacs.d/elpa/org-20160411/ob-maxima hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-maxima /Users/ap/.emacs.d/elpa/org-20160411/ob-matlab hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-matlab /Users/ap/.emacs.d/elpa/org-20160411/ob-makefile hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-makefile /Users/ap/.emacs.d/elpa/org-20160411/ob-lob hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-lob /Users/ap/.emacs.d/elpa/org-20160411/ob-lisp hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-lisp /Users/ap/.emacs.d/elpa/org-20160411/ob-lilypond hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-lilypond /Users/ap/.emacs.d/elpa/org-20160411/ob-ledger hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-ledger /Users/ap/.emacs.d/elpa/org-20160411/ob-latex hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-latex /Users/ap/.emacs.d/elpa/org-20160411/ob-keys hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-keys /Users/ap/.emacs.d/elpa/org-20160411/ob-js hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-js /Users/ap/.emacs.d/elpa/org-20160411/ob-java hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-java /Users/ap/.emacs.d/elpa/org-20160411/ob-io hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-io /Users/ap/.emacs.d/elpa/org-20160411/ob-haskell hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-haskell /Users/ap/.emacs.d/elpa/org-20160411/ob-gnuplot hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-gnuplot /Users/ap/.emacs.d/elpa/org-20160411/ob-fortran hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-fortran /Users/ap/.emacs.d/elpa/org-20160411/ob-exp hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-exp /Users/ap/.emacs.d/elpa/org-20160411/ob-eval hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-eval /Users/ap/.emacs.d/elpa/org-20160411/ob-emacs-lisp hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-emacs-lisp /Users/ap/.emacs.d/elpa/org-20160411/ob-dot hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-dot /Users/ap/.emacs.d/elpa/org-20160411/ob-ditaa hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-ditaa /Users/ap/.emacs.d/elpa/org-20160411/ob-css hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-css /Users/ap/.emacs.d/elpa/org-20160411/ob-core hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-core /Users/ap/.emacs.d/elpa/org-20160411/ob-comint hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-comint /Users/ap/.emacs.d/elpa/org-20160411/ob-clojure hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-clojure /Users/ap/.emacs.d/elpa/org-20160411/ob-calc hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-calc /Users/ap/.emacs.d/elpa/org-20160411/ob-C hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-C /Users/ap/.emacs.d/elpa/org-20160411/ob-awk hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-awk /Users/ap/.emacs.d/elpa/org-20160411/ob-asymptote hides /Applications/Emacs.app/Contents/Resources/lisp/org/ob-asymptote /Users/ap/.emacs.d/elpa/seq-2.15/seq hides /Applications/Emacs.app/Contents/Resources/lisp/emacs-lisp/seq Features: (shadow sort emacsbug tramp-cache ediff-merg ediff-wind ediff-diff ediff-mult ediff-help ediff-init ediff-util ediff eieio-opt speedbar sb-image ezimage dframe em-unix em-term term ehelp em-script em-prompt em-ls em-hist em-pred em-glob em-dirs em-cmpl em-basic em-banner em-alias nroff-mode man log4j-mode esh-var esh-io esh-cmd esh-opt esh-ext esh-proc esh-arg esh-groups eshell esh-module esh-mode esh-util vc vc-dispatcher log-view grep macros mail-extr cider-apropos apropos linum magit-blame magit-stash magit-bisect magit-remote magit-commit magit-sequence magit magit-apply magit-wip magit-log magit-diff smerge-mode magit-core magit-autorevert autorevert filenotify magit-process magit-popup magit-mode magit-git crm magit-section magit-utils git-commit log-edit pcvs-util add-log with-editor async-bytecomp async cider-macroexpansion pulse js cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs url-cache restclient warnings tabify org-capture dabbrev dired-aux face-remap reposition sql browse-url network-stream nsm starttls misearch multi-isearch paren find-file-in-project bookmark pp view cal-china lunar solar cal-dst cal-bahai cal-islam cal-hebrew holidays hol-loaddefs diary-lib diary-loaddefs cal-iso disp-table org-rmail org-mhe org-irc org-info org-gnus org-docview doc-view subr-x jka-compr image-mode org-bibtex bibtex org-bbdb org-w3m hl-line server color-theme-solarized solarized-definitions color-theme wid-edit google-this clj-refactor pkg-info url-http tls gnutls url url-proxy url-privacy url-expand url-methods url-history mailcap url-auth url-cookie url-domsuf url-util url-gw json map lisp-mnt epl derived rx hydra lv inflections sgml-mode edn peg cider tramp-sh cider-debug cider-browse-ns cider-inspector cider-mode cider-interaction compile arc-mode archive-mode cider-repl cider-resolve cider-test cider-overlays cider-stacktrace cider-doc cider-grimoire cider-popup cider-eldoc cider-client cider-common cider-util nrepl-client tramp tramp-compat tramp-loaddefs trampver shell queue nrepl-dict cider-compat ewoc spinner clojure-mode align imenu multiple-cursors-core rect paredit yasnippet cl s whitespace-mode ob-ditaa org-timer org-table org-colview org-clock org-attach vc-git diff-mode org-id org-element avl-tree org-archive org-agenda org org-macro org-footnote org-pcomplete pcomplete org-list org-faces org-entities noutline outline org-version ob-emacs-lisp ob ob-tangle ob-ref ob-lob ob-table ob-exp org-src ob-keys ob-comint comint ansi-color ob-core ob-eval org-compat org-macs org-loaddefs find-func cal-menu calendar cal-loaddefs smex flx-ido flx ido winner whitespace autoinsert bbdb-message sendmail message dired format-spec rfc822 mml mml-sec epg mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev mail-utils gmm-utils mailheader bbdb bbdb-site timezone ffap thingatpt url-parse auth-source gnus-util mm-util help-fns mail-prsvr password-cache url-vars company-oddmuse company-keywords company-etags etags xref cl-seq project eieio eieio-core cl-macs company-gtags company-dabbrev-code company-dabbrev company-files company-capf company-cmake company-xcode company-clang company-semantic company-eclim company-template company-css company-nxml company-bbdb company advice bookmark-ring ring my-kbd-map edmacro kmacro solarized-dark-theme solarized dash use-package diminish bind-key easy-mmode finder-inf cider-tracing-autoloads closure-lint-mode-autoloads color-theme-autoloads fringe-helper-autoloads lcs-autoloads shorten-autoloads windata-autoloads info package epg-config seq byte-opt gv bytecomp byte-compile cl-extra help-mode easymenu cconv cl-loaddefs pcase cl-lib time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel ns-win ucs-normalize term/common-win tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment elisp-mode lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese charscript case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer cl-preloaded nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote kqueue cocoa ns multi-tty make-network-process emacs) Memory information: ((conses 16 1517046 206707) (symbols 48 58309 0) (miscs 40 8265 8483) (strings 32 229927 22382) (string-bytes 1 6528476) (vectors 16 135880) (vector-slots 8 3744387 160745) (floats 8 15254 10159) (intervals 56 72471 1258) (buffers 976 167)) -- <http://www.gocatch.com> <http://www.facebook.com/goCatch> <http://twitter.com/goCatchApp> <http://www.linkedin.com/company/gocatch> <https://www.instagram.com/gocatch/> <https://itunes.apple.com/au/app/gocatch/id444439909?mt=8> <https://play.google.com/store/apps/details?id=com.gocatchapp.goCatch&hl=en>
[Message part 2 (text/html, inline)]
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Wed, 21 Sep 2016 08:16:01 GMT) Full text and rfc822 format available.Message #8 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Andreas Schwab <schwab <at> suse.de> To: Alain Picard <alain <at> gocatch.com> Cc: 24490 <at> debbugs.gnu.org Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Wed, 21 Sep 2016 10:15:05 +0200
On Sep 21 2016, Alain Picard <alain <at> gocatch.com> wrote: > Problem: I am using restclient.el, and hitting a server which > issues a redirect, and I receive a 400 Forbidden response because > the redirected call does not receive the authentication header > (I can see this from the log of my server). How does curl or wget handle this? Andreas. -- Andreas Schwab, SUSE Labs, schwab <at> suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different."
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Thu, 22 Sep 2016 00:02:02 GMT) Full text and rfc822 format available.Message #11 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Alain Picard <alain <at> gocatch.com> To: Andreas Schwab <schwab <at> suse.de> Cc: 24490 <at> debbugs.gnu.org Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Thu, 22 Sep 2016 10:01:50 +1000
[Message part 1 (text/plain, inline)]
Well, curl gives you back the 303 (See Other) with the Location header, unless you add -L (follow redirection) in which case it reposts any original header (including Authorization) to the new location. i.e. "it just works". What would be nice for restclient is a separate keystroke which either does or does not follow the redirection; sometimes you want to debug the initial hop. But the default should be to do what it does now, which is to follow; i.e. "act like a browser". Hope this helps. Alain On 21 September 2016 at 18:15, Andreas Schwab <schwab <at> suse.de> wrote: > On Sep 21 2016, Alain Picard <alain <at> gocatch.com> wrote: > > > Problem: I am using restclient.el, and hitting a server which > > issues a redirect, and I receive a 400 Forbidden response because > > the redirected call does not receive the authentication header > > (I can see this from the log of my server). > > How does curl or wget handle this? > > Andreas. > > -- > Andreas Schwab, SUSE Labs, schwab <at> suse.de > GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 > "And now for something completely different." > -- <http://www.gocatch.com> <http://www.facebook.com/goCatch> <http://twitter.com/goCatchApp> <http://www.linkedin.com/company/gocatch> <https://www.instagram.com/gocatch/> <https://itunes.apple.com/au/app/gocatch/id444439909?mt=8> <https://play.google.com/store/apps/details?id=com.gocatchapp.goCatch&hl=en>
[Message part 2 (text/html, inline)]
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Tue, 06 Jul 2021 15:45:02 GMT) Full text and rfc822 format available.Message #14 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Lars Ingebrigtsen <larsi <at> gnus.org> To: Alain Picard <alain <at> gocatch.com> Cc: 24490 <at> debbugs.gnu.org, Thomas Fitzsimmons <fitzsim <at> fitzsim.org> Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Tue, 06 Jul 2021 17:44:00 +0200
Alain Picard <alain <at> gocatch.com> writes: > Dear Maintainers, > > In emacs 25.1, > the code in url-http.el, line 638, states: > > ;; Do not automatically include an authorization header in the > ;; redirect. If needed it will be regenerated by the relevant > ;; auth scheme when the new request happens. > (setq url-http-extra-headers > (cl-remove "Authorization" > url-http-extra-headers :key 'car :test 'equal)) > > I suspect this automatic regenration does not occur. I think this code is basically correct -- if the auth scheme has added something to url-http-extra-headers, then that has to be removed when doing the redirect, because otherwise we might be sending the auth to a completely wrong server, with the security implications of that. > Problem: I am using restclient.el, and hitting a server which > issues a redirect, and I receive a 400 Forbidden response because > the redirected call does not receive the authentication header > (I can see this from the log of my server). I think this must be a bug in restclient.el -- it should instead use an auth scheme that re-adds the Authorization header. I think. The URL interface is pretty vague here, as it is with many other things... Hm... Reading (defun url-http-create-request () [...] (auth (if (cdr-safe (assoc "Authorization" url-http-extra-headers)) nil (url-get-authentication (or (and (boundp 'proxy-info) proxy-info) url-http-target-url) nil 'any nil))) the auth is never added to `url-http-extra-headers', so perhaps that's not correct anyway -- it should be possible for the user to put Authorization in `url-http-extra-headers', and then have that be heeded even over the redirect. I've added Thomas to the CCs; perhaps he has some insights here. (Also see Bug#21350.) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
Lars Ingebrigtsen <larsi <at> gnus.org>
to control <at> debbugs.gnu.org
.
(Tue, 06 Jul 2021 15:45:02 GMT) Full text and rfc822 format available.bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Thu, 08 Jul 2021 21:35:02 GMT) Full text and rfc822 format available.Message #19 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Thomas Fitzsimmons <fitzsim <at> fitzsim.org> To: Lars Ingebrigtsen <larsi <at> gnus.org> Cc: Alain Picard <alain <at> gocatch.com>, 24490 <at> debbugs.gnu.org Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Thu, 08 Jul 2021 17:34:19 -0400
Lars Ingebrigtsen <larsi <at> gnus.org> writes: > Alain Picard <alain <at> gocatch.com> writes: > >> Dear Maintainers, >> >> In emacs 25.1, >> the code in url-http.el, line 638, states: >> >> ;; Do not automatically include an authorization header in the >> ;; redirect. If needed it will be regenerated by the relevant >> ;; auth scheme when the new request happens. >> (setq url-http-extra-headers >> (cl-remove "Authorization" >> url-http-extra-headers :key 'car :test 'equal)) >> >> I suspect this automatic regenration does not occur. > > I think this code is basically correct -- if the auth scheme has added > something to url-http-extra-headers, then that has to be removed when > doing the redirect, because otherwise we might be sending the auth to a > completely wrong server, with the security implications of that. > >> Problem: I am using restclient.el, and hitting a server which >> issues a redirect, and I receive a 400 Forbidden response because >> the redirected call does not receive the authentication header >> (I can see this from the log of my server). > > I think this must be a bug in restclient.el -- it should instead use an > auth scheme that re-adds the Authorization header. It looks like restclient.el uses advice to skip url-http-handle-authentication if it (restclient) is in the middle of a request. Alain, to rule out that advice as being responsible, can you do: M-: (ad-deactivate 'url-http-handle-authentication) then try the API call again? Thomas
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Wed, 14 Jul 2021 17:48:02 GMT) Full text and rfc822 format available.Message #22 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Thomas Fitzsimmons <fitzsim <at> fitzsim.org> To: Lars Ingebrigtsen <larsi <at> gnus.org> Cc: Alain Picard <alain <at> gocatch.com>, 24490 <at> debbugs.gnu.org Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Wed, 14 Jul 2021 13:47:36 -0400
Thomas Fitzsimmons <fitzsim <at> fitzsim.org> writes: > Lars Ingebrigtsen <larsi <at> gnus.org> writes: > >> Alain Picard <alain <at> gocatch.com> writes: >> >>> Dear Maintainers, >>> >>> In emacs 25.1, >>> the code in url-http.el, line 638, states: >>> >>> ;; Do not automatically include an authorization header in the >>> ;; redirect. If needed it will be regenerated by the relevant >>> ;; auth scheme when the new request happens. >>> (setq url-http-extra-headers >>> (cl-remove "Authorization" >>> url-http-extra-headers :key 'car :test 'equal)) >>> >>> I suspect this automatic regenration does not occur. >> >> I think this code is basically correct -- if the auth scheme has added >> something to url-http-extra-headers, then that has to be removed when >> doing the redirect, because otherwise we might be sending the auth to a >> completely wrong server, with the security implications of that. >> >>> Problem: I am using restclient.el, and hitting a server which >>> issues a redirect, and I receive a 400 Forbidden response because >>> the redirected call does not receive the authentication header >>> (I can see this from the log of my server). >> >> I think this must be a bug in restclient.el -- it should instead use an >> auth scheme that re-adds the Authorization header. > > It looks like restclient.el uses advice to skip > url-http-handle-authentication if it (restclient) is in the middle of a > request. > > Alain, to rule out that advice as being responsible, can you do: > > M-: (ad-deactivate 'url-http-handle-authentication) > > then try the API call again? The email to "alain <at> gocatch.com" bounced, so I think we should probably close this bug report. Thomas
bug-gnu-emacs <at> gnu.org
:bug#24490
; Package emacs
.
(Wed, 14 Jul 2021 18:24:01 GMT) Full text and rfc822 format available.Message #25 received at 24490 <at> debbugs.gnu.org (full text, mbox):
From: Lars Ingebrigtsen <larsi <at> gnus.org> To: Thomas Fitzsimmons <fitzsim <at> fitzsim.org> Cc: Alain Picard <alain <at> gocatch.com>, 24490 <at> debbugs.gnu.org Subject: Re: bug#24490: 25.1; restclient no longer sends auth header upon redirect Date: Wed, 14 Jul 2021 20:23:45 +0200
Thomas Fitzsimmons <fitzsim <at> fitzsim.org> writes: > The email to "alain <at> gocatch.com" bounced, so I think we should probably > close this bug report. OK; done. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no
Lars Ingebrigtsen <larsi <at> gnus.org>
to control <at> debbugs.gnu.org
.
(Wed, 14 Jul 2021 18:25:02 GMT) Full text and rfc822 format available.Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org
.
(Thu, 12 Aug 2021 11:24:09 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.