Extraction of authorization from URL needs to happen sooner [rt.cpan.org #89968]

[oalders]

Migrated from rt.cpan.org#89968 (status was 'new')

Requestors:

• leonerd-cpan@leonerd.org.uk

From leonerd-cpan@leonerd.org.uk on 2013-11-01 22:12:56:

The HTTP::Request + LWP::UserAgent pair of modules correctly handles the case

  my $resp = $ua->request( GET "http://user:pass@host/path" );

but despite that the HTTP basic auth header is a property of the HTTP::Request itself, this appears to be being handled entirely by LWP rather than HTTP::Request.

It would be more useful for other HTTP useragents which are based on HTTP::Message objects if this were handled within HTTP::Request itself. I feel that therefore the behaviour ought to be somewhere that after

  my $req = GET "http://user:pass@host/path";

We now have the Authorization header correctly set in $req and the user:pass@ removed from the embedded URL in the first request line. Ideally then at this point

  print $req->as_string;

should yield

  GET /path HTTP/1.1
  Host: host
  Authorization: Basic dXNlcjpwYXNz
  ...

-- 

Paul Evans

From leonerd-cpan@leonerd.org.uk on 2013-11-06 17:06:11:

For context see also

  https://rt.cpan.org/Ticket/Display.html?id=89775

-- 

Paul Evans