micropython-lib icon indicating copy to clipboard operation
micropython-lib copied to clipboard
verified publisher icon micropython

urequests doesn't handle basic auth formatted URLs correctly

Open 0xVeles opened this issue 2 years ago • 5 comments

Per RFC1738 you can supply a username and password for basic auth as part of the URL in the format: http(s)://username:[email protected] however urequests interprets any colon following the protocol to be delimiting a host and port, as seen here.

Obviously it's simple to provide basic auth as a header instead, but it's probably best to be RFC compliant when possible.

0xVeles avatar May 24 '23 00:05 0xVeles

Probably it isn't implemented because

  • passing clear text credentials in the URL is a bad idea
  • there are modern authentication options available, this is becoming obsolete.

Just for curiosity: are there running servers using https://user:pass@... ?

massimosala avatar Jun 28 '23 19:06 massimosala

Hi

I have rewritten the library, with some improvements and basic auth.

Do you want to test it ?

After your feedback, I will open source it and propose the new version to the Micropython mantainers.

massimosala avatar Jun 28 '23 20:06 massimosala

I think that parsing username:password out of URLs can be a separate function, which extracts the relevant information and a cleaned URL. And those that the few that need it can copy-paste it into their project.

jonnor avatar Aug 25 '24 10:08 jonnor