Method havePreviousDigestAuthorizationAndShouldAbort ignores Proxy
Closed this issue · 3 comments
Method havePreviousDigestAuthorizationAndShouldAbort() looks only at "Authorization" header, and ignores "Proxy-Authorization" header completely. This means we ignore the fact that we could be interacting with a proxy rather than with a WWW server. If the user enters wrong credentials, then we'll constantly repeat our requests to the proxy. This loop never breaks. It's happening with my proxy now.
So, I suggest the following. Instead of
final String previousAuthorizationHeader = request.header("Authorization");
it should be something smarter, like this:
final String headerKey;
if (isProxy())
headerKey = PROXY_AUTH_RESP;
else
headerKey = WWW_AUTH_RESP;
final String previousAuthorizationHeader = request.header(headerKey);
Sounds like a good idea. Unfortunately I dont have a proxy to test, can you provide a PR and a unit test?
I've created a PR and sent you the proxy address and credentials by email.
Thanks a lot for the PR, its merged now.