I understand that the very first request shouldn't contain any auth header.
But If a svn function is called multiple times(for the same host etc.) and
there was already a successful authentication, it should be possible to add
the auth header to the following requests instead of waiting for a auth
required response. At least I hoped so.
Felix
Johan Corveleyn <jcorvel_at_gmail.com> schrieb am Do., 19. Juli 2018, 14:10:
> On Thu, Jul 19, 2018 at 12:15 PM, Felix E. <felixessig_at_gmail.com> wrote:
> >
> >
> > On 2018/07/18 14:45:38, Branko Čibej <b..._at_apache.org> wrote:
> >> On 18.07.2018 15:38, Essig Felix wrote:>
> >> >>
> >> > Hi,>
> >> >>
> >> > >
> >> >>
> >> > I have a question about the http authentication when using the>
> >> > subversion api 1.8.13.>
> >> >>
> >> > For example using the ‚svn_client_list3‘ function:>
> >> >>
> >> > Everytime this function is called the first http request does not>
> >> > contain any Authorization header which leads to a ‚401 Authorization>
> >> > Required‘ response.>
> >> >>
> >> > In my opinion this leads to an unnecessary delay when the function is>
> >> > called multiple times and the same credentials could be used.>
> >> >>
> >> > >
> >> >>
> >> > When calling this function the svn_client_ctx_t contains an>
> >> > svn_auth_baton_t with set default username and default password>
> >> > parameters.>
> >> >>
> >> > >
> >> >>
> >> > Now to my actual question:>
> >> >>
> >> > Can this behaviour somehow be changed or is it just designed to work>
> >> > this way? I also know that the version I’m using is not the newest
> one>
> >> > so if you think an upgrade to a newer version could lead to some>
> >> > performance improvement please let me know.>
> >> >>
> >>
> >> You can either modify the auth baton or create your own. See>
> >> svn_cmdline_create_auth_baton2 in include/svn_cmdline.h and>
> >> subversion/libsvn_subr/cmdline.c.>
> >>
> >> -- Brane>
> >>
> >>
> >
> > Thanks for your answer.
> > But what exactly do you mean?
> > As I said the default parameters are set.
> > There is also no callback to any auth provider so the default values
> seem to
> > work. But only after a auth required response.
> > The http client should include the auth header already in the first
> request.
>
> I think the client can not assume (without sending a first request)
> that authentication will be required. Some servers offer anonymous
> access, some require authentication for "write", but allow anonymous
> reads, and some require authentication for both read and write
> requests. It depends on the servers-side configuration.
>
> --
> Johan
>
Received on 2018-07-19 15:01:24 CEST