Skip to content

fix: decode percent-encoded credentials in URL userinfo#1684

Open
JawadAlhindi wants to merge 1 commit intohttpie:masterfrom
JawadAlhindi:master
Open

fix: decode percent-encoded credentials in URL userinfo#1684
JawadAlhindi wants to merge 1 commit intohttpie:masterfrom
JawadAlhindi:master

Conversation

@JawadAlhindi
Copy link

@JawadAlhindi JawadAlhindi commented Dec 27, 2025

Fixes #1623

Problem

When credentials contain special characters and are percent-encoded in the URL
(e.g., https://u%40d:p%40ss@example.com), HTTPie uses them literally without
decoding, causing authentication failures.

Reproduction

# Returns 401 (should be 200)
http https://u%40d:1%3d2%3f@httpbin.org/basic-auth/u%40d/1%3d2%3f

Solution

Added urllib.parse.unquote() to decode username and password extracted from
URL before using them for authentication.

@JawadAlhindi
fix: decode percent-encoded credentials in URL userinfo
825dc01 
When percent-encoded characters are used in the username/password part
of a URL, they should be decoded before being used for authentication.
For example, `u%40d` should be decoded to `u@d` before Basic auth.

Fixes httpie#1623
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Username/password in the URL not decoded when used for basic authentication

1 participant

@JawadAlhindi