I understand that the very first request shouldn't contain any auth header. But If a svn function is called multiple times(for the same host etc.) and there was already a successful authentication, it should be possible to add the auth header to the following requests instead of waiting for a auth required response. At least I hoped so.
Felix Johan Corveleyn <jcor...@gmail.com> schrieb am Do., 19. Juli 2018, 14:10: > On Thu, Jul 19, 2018 at 12:15 PM, Felix E. <felixes...@gmail.com> wrote: > > > > > > On 2018/07/18 14:45:38, Branko Čibej <b...@apache.org> wrote: > >> On 18.07.2018 15:38, Essig Felix wrote:> > >> >> > >> > Hi,> > >> >> > >> > > > >> >> > >> > I have a question about the http authentication when using the> > >> > subversion api 1.8.13.> > >> >> > >> > For example using the ‚svn_client_list3‘ function:> > >> >> > >> > Everytime this function is called the first http request does not> > >> > contain any Authorization header which leads to a ‚401 Authorization> > >> > Required‘ response.> > >> >> > >> > In my opinion this leads to an unnecessary delay when the function is> > >> > called multiple times and the same credentials could be used.> > >> >> > >> > > > >> >> > >> > When calling this function the svn_client_ctx_t contains an> > >> > svn_auth_baton_t with set default username and default password> > >> > parameters.> > >> >> > >> > > > >> >> > >> > Now to my actual question:> > >> >> > >> > Can this behaviour somehow be changed or is it just designed to work> > >> > this way? I also know that the version I’m using is not the newest > one> > >> > so if you think an upgrade to a newer version could lead to some> > >> > performance improvement please let me know.> > >> >> > >> > >> You can either modify the auth baton or create your own. See> > >> svn_cmdline_create_auth_baton2 in include/svn_cmdline.h and> > >> subversion/libsvn_subr/cmdline.c.> > >> > >> -- Brane> > >> > >> > > > > Thanks for your answer. > > But what exactly do you mean? > > As I said the default parameters are set. > > There is also no callback to any auth provider so the default values > seem to > > work. But only after a auth required response. > > The http client should include the auth header already in the first > request. > > I think the client can not assume (without sending a first request) > that authentication will be required. Some servers offer anonymous > access, some require authentication for "write", but allow anonymous > reads, and some require authentication for both read and write > requests. It depends on the servers-side configuration. > > -- > Johan >
