Method havePreviousDigestAuthorizationAndShouldAbort ignores Proxy

Question

Method havePreviousDigestAuthorizationAndShouldAbort ignores Proxy

Closed this issue 6 years ago · 3 comments

Method havePreviousDigestAuthorizationAndShouldAbort() looks only at "Authorization" header, and ignores "Proxy-Authorization" header completely. This means we ignore the fact that we could be interacting with a proxy rather than with a WWW server. If the user enters wrong credentials, then we'll constantly repeat our requests to the proxy. This loop never breaks. It's happening with my proxy now.
So, I suggest the following. Instead of

final String previousAuthorizationHeader = request.header("Authorization");

it should be something smarter, like this:

final String headerKey;
if (isProxy())
    headerKey = PROXY_AUTH_RESP;
else
    headerKey = WWW_AUTH_RESP;
final String previousAuthorizationHeader = request.header(headerKey);

Answer 1 · 2018-02-02T17:38:22.000Z

Sounds like a good idea. Unfortunately I dont have a proxy to test, can you provide a PR and a unit test?

Answer 2 · 2018-02-03T10:19:07.000Z

I've created a PR and sent you the proxy address and credentials by email.

Answer 3 · 2018-02-09T05:30:15.000Z

Thanks a lot for the PR, its merged now.