Skip to content

Fix HTTPDigestAuth non-latin credentials encoding#7414

Closed
mitre88 wants to merge 1 commit intopsf:mainfrom
mitre88:fix/httpdigestauth-nonlatin-credentials
Closed

Fix HTTPDigestAuth non-latin credentials encoding#7414
mitre88 wants to merge 1 commit intopsf:mainfrom
mitre88:fix/httpdigestauth-nonlatin-credentials

Conversation

@mitre88
Copy link
Copy Markdown
Contributor

@mitre88 mitre88 commented May 5, 2026

When HTTPDigestAuth credentials are passed as bytes (e.g. encoded UTF-8), they were being used directly in the digest header without decoding, resulting in headers like Digest username="b'Ond\xc5\x99ej'".

This fix decodes bytes username/password to strings before using them in the digest A1 computation and the username header field.

Fixes #6102

Fix HTTPDigestAuth non-latin credentials encoding
37f4199 
When HTTPDigestAuth credentials are passed as bytes (e.g. encoded UTF-8),
they were being used directly in the digest header without decoding,
resulting in headers like Digest username="b'Ond\xc5\x99ej'" instead
of the properly decoded username.

This fix decodes bytes username/password to strings before using them
in the digest A1 computation and the username header field.

Fixes psf#6102
@nateprewitt
Copy link
Copy Markdown
Member

nateprewitt commented May 6, 2026

Hi @mitre88,

I don't believe this is the right fix. It's broken for latin-1 which is our standard assumption for bytes input. There are other open PRs that already address this so we'll close this as a duplicate.

@nateprewitt nateprewitt closed this May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

HTTPDigestAuth fails on non-latin credentials

2 participants

@mitre88 @nateprewitt