Document that Bitbucket only challages with 401 if User-Agent contains substring curl (BB-3758)

Issue #3743 open
Adam Brengesjö created an issue

If requesting a page on bitbucket which requries authentication, for example download files in a private repo, responds with a 401 status ONLY if the user-agent is curl (there may be other too, but not anyother that I've been able to determine).

In my case, I was writing some C# code to retreive files from the download section, which works fine using curl in scripts, but did not work from C#. Using fiddler to create requests, I noticed that when duplicating the request from curl - it worked. And only when adding the User-Agent header with a value which contains the substring "curl", responds with a 401 status.

As I cannot authenticate without the 401 status (.NET implementation), I was able to resolve this by adding the string "curl" in the User-Agent header.

I understand that this is probably intentional, as a web browser should be redirected to the login page via a 302 response. But it should at least be documented, or available via the API. I have not been able to find any information about this in the documentation (even though all examples are curl examples...)

Regards, Adam Brengesjö

Comments (8)

  1. Dylan Etkin

    Hi Adam,

    You are right and we don't document that anywhere.

    We could improve our discriminator, perhaps we should look for a request header, but either way we need to document this behavior.



  2. Atlassian Bitbucket

    This issue has been closed due to inactivity. If you continue to see problems, please reopen or create a new issue.

  3. Bart de Boer

    Just ran into this today, although I have found it a bit less predictable. Please re-open this

  4. Kaleb Elwert Account Deactivated

    @hbdeboer Can you provide any information about which page you ran into this with? As far as I know, this should be fixed in most cases by using rather than

  5. Bart de Boer

    Actually ran into this when requesting raw sources from Visual Studio (source server support). Our PDB's have the bitbucket url to the raw sources in them, but in case of private repo's, VS should ask for credentials (which it will, when returning 401) rather than (as happens now with the 302) showing the signing page HTML as source code :(

  6. Log in to comment