Do the auth stuff at the end-of-headers and not at the start-of-body, as

we might not get a body when we get a 401 with a set of WWW-Authenticate: headers. This fixes the problem Kevin Roth detected in 7.10.8-pre4 and pre5. Verified by test case 91.
2025-02-28 17:31:46 -05:00 · 2003-10-22 11:15:48 +00:00 · 2003-10-22 11:15:48 +00:00 · b439e8ffb7
commit b439e8ffb7
parent 475166fc8b
1 changed files with 5 additions and 5 deletions
--- a/lib/transfer.c
+++ b/lib/transfer.c
@ -450,6 +450,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
              data->info.header_size += headerlen;
              conn->headerbytecount += headerlen;

+              /* *auth_act() checks what authentication methods that are
+                 available and decides which one (if any) to use. It will
+                 set 'newurl' if an auth metod was picked. */
+              Curl_http_auth_act(conn);
+              
              if(!k->header) {
                /*
                 * really end-of-headers.
@ -824,11 +829,6 @@ CURLcode Curl_readwrite(struct connectdata *conn,
            if(conn->protocol&PROT_HTTP) {
              /* HTTP-only checks */

-              /* *auth_act() checks what authentication methods that are
-                 available and decides which one (if any) to use. It will
-                 set 'newurl' if an auth metod was picked. */
-              Curl_http_auth_act(conn);
-              
              if (conn->newurl) {
                if(conn->bits.close) {
                  /* Abort after the headers if "follow Location" is set