Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21879

Force preemptive authentication in $xwiki.getURLContent()

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 15.10.1
    • Old Core
    • Unknown
    • Awaiting Contributor feedback

    Description

      The get request in the velocity code block does not pass given basic authentication credentials into request.

      Neither passing them with 

      getURLContent("https://website.com", "lrlunin", "Pa$$w0rd")

      nor with 

      getURLContent("https://lrlunin:Pa$$w0rd@website.com")

      I used app.beeceptor.com to discover the oncoming request headers and got this:

      {
       "user-agent": "XWikiBot/1.0",
       "x-forwarded-for": "62.141.173.204",
       "x-forwarded-host": "xwiki.free.beeceptor.com",
       "x-forwarded-proto": "https",
       "accept-encoding": "gzip"
      }
      

      while the same request done with postman/curl got this:

      {
       "user-agent": "PostmanRuntime/7.33.0",
       "accept": "*/*",
       "accept-encoding": "gzip, deflate, br",
       "authorization": "Basic HJsdW5pbjpnaHBfeDRlWWlDQddVVJoZUxoWVhueDZtb1JVOTI1MzBEZXF1", 
       "postman-token": "33c2dffd-a559-4e0b-aa5b-69f1964a8535",
       "x-forwarded-for": "89.247.251.102",
       "x-forwarded-host": "xwiki.free.beeceptor.com",
       "x-forwarded-proto": "https"
      }

      So I am pretty sure that the Apache HttpClient ignores the credentials given. I found some similar issues:

       

       

       

      Attachments

        Activity

          People

            lrlunin Leonid Lunin
            lrlunin Leonid Lunin
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: