1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues

Issues

Issue #3743 open

Document that Bitbucket only challages with 401 if User-Agent contains substring curl (BB-3758)

Adam Brengesjö
created an issue

If requesting a page on bitbucket which requries authentication, for example download files in a private repo, bitbucket.org responds with a 401 status ONLY if the user-agent is curl (there may be other too, but not anyother that I've been able to determine).

In my case, I was writing some C# code to retreive files from the download section, which works fine using curl in scripts, but did not work from C#. Using fiddler to create requests, I noticed that when duplicating the request from curl - it worked. And only when adding the User-Agent header with a value which contains the substring "curl", bitbucket.org responds with a 401 status.

As I cannot authenticate without the 401 status (.NET implementation), I was able to resolve this by adding the string "curl" in the User-Agent header.

I understand that this is probably intentional, as a web browser should be redirected to the login page via a 302 response. But it should at least be documented, or available via the API. I have not been able to find any information about this in the documentation (even though all examples are curl examples...)

Regards, Adam Brengesjö

Comments (7)

  1. Dylan Etkin

    Hi Adam,

    You are right and we don't document that anywhere.

    We could improve our discriminator, perhaps we should look for a request header, but either way we need to document this behavior.

    Cheers,

    Dylan

  2. Bart de Boer

    Actually ran into this when requesting raw sources from Visual Studio (source server support). Our PDB's have the bitbucket url to the raw sources in them, but in case of private repo's, VS should ask for credentials (which it will, when returning 401) rather than (as happens now with the 302) showing the signing page HTML as source code :(

  3. Log in to comment