Skip to content

ClientDigestMiddleware doesn't work like browsers #11128

New issue
New issue
Closed
#11129
Closed
ClientDigestMiddleware doesn't work like browsers#11128
#11129
Labels
bug
@bdraco

Description

@bdraco
bdraco
opened on Jun 3, 2025

Describe the bug

Once a browser has a challange it sends the authenticate header on subsequent requests preemptively. We should work the same. This behavior is described in https://datatracker.ietf.org/doc/html/rfc7616#section-3.6

The Authorization header field MAY be
included preemptively; doing so improves server efficiency and avoids
extra round trips for authentication challenges.

To Reproduce

Try digest auth on enphase envoy. It only works on the first request because it expected preemptive auth on subsequent requests

Expected behavior

Behave like browsers by default

Logs/tracebacks

n/a

Python Version

$ python --version
n/a

aiohttp Version

$ python -m pip show aiohttp
3.12.7

multidict Version

$ python -m pip show multidict
n/a

propcache Version

$ python -m pip show propcache
n/a

yarl Version

$ python -m pip show yarl
n/a

OS

linux

Related component

Client

Additional context

No response

Code of Conduct

  • I agree to follow the aio-libs Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions