http://api.drupal.org/api/drupal/includes--common.inc/function/drupal_ht...
Is the function I am referring to encase anyone needs it.

I would create a patch for common.inc but I am in a bit of a crunch and already found a work around.
On line 863 of common.inc
$options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (isset($uri['pass']) ? ':' . $uri['pass'] : ''));

This is the faulty code it should look like this

$options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (isset($uri['pass']) ? ':' . $uri['pass'] : ':'));

Even when the password is empty you still want to set a colon there for server side compatibility. Without it a server will return a fault code because it is not to spec http://en.wikipedia.org/wiki/Basic_access_authentication I know that link never says anything like 'always send a colon' but it also never says to not include it. So I am also looking to get feedback as to why it is programmed to do it in this manner if you disagree with the change, Thanks.

CommentFileSizeAuthor
#11 1414368-dhr-empty-password-authorization.patch691 bytesdave reid
#8 drupalhttprequestcolond8-1414368-8.patch710 bytescoolestdude1
#7 httprequestcolond7-1414368-7.patch690 bytescoolestdude1
#3 drupalhttprequestcolon-1414368-3.patch711 bytescoolestdude1
#2 drupalhttprequestcolon-1414368-2.patch691 bytescoolestdude1

Comments

coolestdude1’s picture

coolestdude1 commented
Version: 7.9 » 7.12

Still Exists in latest version.

coolestdude1’s picture

coolestdude1 commented
StatusFileSize
new drupalhttprequestcolon-1414368-2.patch691 bytes

Here is the patch file associated with d7, ill get d8 in a sec.

coolestdude1’s picture

coolestdude1 commented
Version: 7.12 » 8.x-dev
Priority: Normal » Minor
Status: Active » Needs review
StatusFileSize
new drupalhttprequestcolon-1414368-3.patch711 bytes

Here is the drupal 8 version patch

nod_’s picture

nod_
Primary language French
Location Lille
commented
Version: 8.x-dev » 7.12
Priority: Minor » Normal
Status: Needs review » Active

wouldn't it be better to put the ':' before the condition since it's there anyway?

nod_’s picture

nod_
Primary language French
Location Lille
commented
Version: 7.12 » 8.x-dev
Priority: Normal » Minor
Status: Active » Needs review

sorry about that.

coolestdude1’s picture

coolestdude1 commented

Yup you are right ill have to change this on Monday but the patch is still a good representation of the change. The d7 one will fail as long as the version number is mismatching ..... meh details.

coolestdude1’s picture

coolestdude1 commented
StatusFileSize
new httprequestcolond7-1414368-7.patch690 bytes

here is the d7 patch, d8 to follow

coolestdude1’s picture

coolestdude1 commented
StatusFileSize
new drupalhttprequestcolond8-1414368-8.patch710 bytes

d8 patch

lva’s picture

lva commented

Please note that this is also a problem in Drupal 6.

Also keep in mind that the patch should not only fix the Basic Authentication to the web server, but also to the Proxy server (see Proxy-Authorization).

mikeytown2’s picture

mikeytown2 commented
Version: 8.x-dev » 7.x-dev

D8 now has Guzzle.
Moving this issue to D7.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented
Priority: Minor » Normal
Status: Needs review » Reviewed & tested by the community
StatusFileSize
new 1414368-dhr-empty-password-authorization.patch691 bytes

Confirmed this causes major issues with any kind of API that users username only and no passwords. Just a re-roll, so marking as RTBC.

David_Rothstein’s picture

David_Rothstein commented
Issue summary: View changes
Status: Reviewed & tested by the community » Fixed

Committed to 7.x - thanks! http://drupalcode.org/project/drupal.git/commit/76bc39e

Wondering... does the Proxy-Authorization header (further up in drupal_http_request()) need the same fix?

David_Rothstein’s picture

David_Rothstein commented
Version: 7.x-dev » 6.x-dev
Status: Fixed » Patch (to be ported)

Was also mentioned above that this patch affects Drupal 6.

Status: Patch (to be ported) » Closed (outdated)

Automatically closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.