Discovered on IRC.
The digest auth handler in Requests' codebase doesn't ever actually check that it is responding to a 401: it just looks for an Authorization header. That's pretty dumb, so we should add a check to only actually do the execution for 401s.
This is a contributor friendly change.
Discovered on IRC.
The digest auth handler in Requests' codebase doesn't ever actually check that it is responding to a 401: it just looks for an Authorization header. That's pretty dumb, so we should add a check to only actually do the execution for 401s.
This is a contributor friendly change.