Log in

No account? Create an account

Request #536849

From: notzanchey
: Account
LiveJournal: username: notzanchey
style: (S1) lastn: 66433 friends: 66435 calendar: 66437 day: 66438
userpics: base + loyalty = userpics
sup enabled:
email validated? yes
cluster: Soybean (#3); data version : 8
design: new    friends page: friends
language: default
underage no;
Is JavaScript enabled: (unknown)
Request sent from Beta:
Photo hosting migration: done
Support category: Syndication (RSS)  [previous | next]
Time posted: Wed, 28 Dec 2005 08:26:42 GMT (15 years ago)
Status: closed (1 point to burr86)
Summary: Digest auth requires algorithm attribute contrary to RFC
Original Request:
Authorization on LiveJournal RSS feeds can be provided through HTTP digest authentication - for example, 'http://www.livejournal.com/users/notzanchey/data/rss?auth=digest'

The LiveJournal digest authentication code requires the attribute 'algorithm' in the Authorization request header. If it is not present, then LiveJournal returns HTTP status code 401 (Authentication required), even if all other attributes are correct.

However, RFC 2617 states that 'If [the algorithm attribute] is not present it is assumed to be "MD5".' The LiveJournal code therefore does not currently display expected behaviour as determined by the RFC.

As Python bug 1037974 (https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1037974&group_id=5470) shows, adding the algorithm attribute by default alleviates the problem on the client side.
It would be good (i.e. I won't have to patch urllib2 if I distribute my script) if the LJ code accepted Authorization request headers without the algorithm attribute, subsituting the default "MD5" as specified in the RFC.
Diagnostics: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 (ax)
burr86 burr86  - Abe Hassan
Answer (#2103269)
Posted Wed, 28 Dec 2005 12:38:07 GMT (15 years ago)
Thank you for your report. LiveJournal developers have been made aware of this issue and are working to resolve it. I apologize for the inconvenience.