doumibi6899 2015-09-23 23:26
浏览 266
已采纳

通过基本身份验证返回HTTP请求,返回401而不是301重定向

Using Go 1.5.1.

When I try to make a request to a site that automatically redirects to HTTPS using Basic Auth I would expect to get a 301 Redirect response, instead I get a 401.

package main

import "net/http"
import "log"

func main() {
    url := "http://aerolith.org/files"
    username := "cesar"
    password := "password"
    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        log.Println("error", err)
    }
    if username != "" || password != "" {
        req.SetBasicAuth(username, password)
        log.Println("[DEBUG] Set basic auth to", username, password)
    }
    cli := &http.Client{

    }
    resp, err := cli.Do(req)
    if err != nil {
        log.Println("Do error", err)
    }
    log.Println("[DEBUG] resp.Header", resp.Header)
    log.Println("[DEBUG] req.Header", req.Header)
    log.Println("[DEBUG] code", resp.StatusCode)

}

Note that curl returns a 301:

curl -vvv http://aerolith.org/files --user cesar:password

Any idea what could be going wrong?

  • 写回答

1条回答

  • doumubi6784 2015-09-24 05:17
    关注

    A request to http://aerolith.org/files redirects to https://aerolith.org/files (note change from http to https). A request to https://aerolith.org/files redirects to https://aerolith.org/files/ (note addition of trailing /).

    Curl does not follow redirects. Curl prints the 301 status for the redirect from http://aerolith.org/files to https://aerolith.org/files/.

    The Go client follows the two redirects to https://aerolith.org/files/. The request to https://aerolith.org/files/ returns with status 401 because the Go client does not propagate the authorization header through the redirects.

    Requests to https://aerolith.org/files/ from the Go client and Curl return status 200.

    If you want to follow the redirects and auth successfully, set auth header in a CheckRedirect function:

    cli := &http.Client{
    CheckRedirect: func(req *http.Request, via []*http.Request) error {
        if len(via) >= 10 {
            return errors.New("stopped after 10 redirects")
        }
        req.SetBasicAuth(username, password)
        return nil
    }}
resp, err := cli.Do(req)

    If you want to match what Curl does, use a transport directly. The transport does not follow redirects.

    resp, err := http.DefaultTransport.RoundTrip(req)

    The application can also use the client CheckRedirect function and a distinguished error to prevent redirects as shown in an answer to How Can I Make the Go HTTP Client NOT Follow Redirects Automatically?. This technique seems to be somewhat popular, but is more complicated than using the transport directly.

    redirectAttemptedError := errors.New("redirect")
cli := &http.Client{
    CheckRedirect: func(req *http.Request, via []*http.Request) error {
        return redirectAttemptedError
    }}
resp, err := cli.Do(req)
if urlError, ok := err.(*url.Error); ok && urlError.Err == redirectAttemptedError {
    // ignore error from check redirect
    err = nil   
}
if err != nil {
    log.Println("Do error", err)
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站
  • ¥50 成都蓉城足球俱乐部小程序抢票
  • ¥15 yolov7训练自己的数据集
  • ¥15 esp8266与51单片机连接问题(标签-单片机|关键词-串口)(相关搜索:51单片机|单片机|测试代码)
  • ¥15 电力市场出清matlab yalmip kkt 双层优化问题
  • ¥30 ros小车路径规划实现不了,如何解决?(操作系统-ubuntu)