> What "localhost whitelist" are you referring to here?
I set up http auth and disable it in the virtualhost for localhost:
<Location />
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Require local
</Location>
(This is what I called "whitelisting localhost")
> As for the patch, it seems like a really bad idea to silently turn off https validation when you specify a hostname.
> Surely those are completely independent things?
urllib will display a warning if you use a Host header different from the URL
> I honestly don't understand your described workload... Is your goal to have http auth on all URLs except the
> /api/archive/<name>/lists/endpoint from localhost? Surely that's a matter of apache config rather than patching the
> client?
I want to have http auth for everyone except localhost.
I may not have chosen the best way to do that. Do you see a better way to handle this?
> And if you just want to change the hostname, can't you just edit the URL?
No, because I have several domains on localhost. Apache needs to somehow (with the Host header) know which one is
wanted.
As specified, I also had a problem with these frequent localhost requests being resolved externally.
--
Célestin Matte
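
Added example, not part of the original message or of the project's code: a Python client that connects to the loopback address without a DNS lookup, sends a Host header so the server can pick the virtual host, and, when TLS is used, keeps certificate validation enabled by checking the certificate against the virtual host name. The names `fetch_local`, `LoopbackHTTPSConnection`, `demo` and `lists.example.org` are assumptions, and `_EchoHost` is a constructed stand-in for Apache.

```python
import http.client, http.server, socket, ssl, threading

class LoopbackHTTPSConnection(http.client.HTTPSConnection):
    """TLS to a fixed IP, with SNI and certificate checks done against vhost."""
    def __init__(self, ip, port, vhost, context, timeout=5):
        super().__init__(ip, port, context=context, timeout=timeout)
        self._vhost, self._ctx = vhost, context

    def connect(self):
        raw = socket.create_connection((self.host, self.port), self.timeout)
        # server_hostname drives both SNI and hostname verification.
        self.sock = self._ctx.wrap_socket(raw, server_hostname=self._vhost)

def fetch_local(vhost, path, port, tls=True, ip="127.0.0.1"):
    """Request path from the vhost served on the loopback address.
    No DNS lookup happens; the Host header selects the virtual host."""
    if tls:
        ctx = ssl.create_default_context()  # verification stays enabled
        conn = LoopbackHTTPSConnection(ip, port, vhost, ctx)
    else:
        conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": vhost})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

class _EchoHost(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for Apache: replies with the Host it received."""
    def do_GET(self):
        body = self.headers.get("Host", "").encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass

def demo(vhost="lists.example.org"):
    """Plain-HTTP check against the stand-in server on an ephemeral port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _EchoHost)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return fetch_local(vhost, "/", srv.server_address[1], tls=False)
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```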