RFR: 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient
Michael McMahon
michaelm at openjdk.org
Tue Oct 1 15:16:34 UTC 2024
On Tue, 1 Oct 2024 11:09:11 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> Would it make sense to assume that the user is always right, and use the authenticator only for the credentials that the user didn't provide?
>
> I realize that it would be a major behavior change, but I think that's the least surprising behavior.
That could be simpler and still fits what I think the bug reporters are looking for which is basically that the authenticator would be used for one of server or proxy, while the user would (directly) look after the other.
The problem is partly caused by the fact that there's no way to register an authenticator for proxy only or server only or two separate authenticators for each.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21249#issuecomment-2386283993
More information about the net-dev
mailing list