diff --git a/http-web-services.html b/http-web-services.html index e2638c2..5d0d882 100755 --- a/http-web-services.html +++ b/http-web-services.html @@ -737,11 +737,11 @@ Updates the authenticating user’s status. Requires the status>>> httplib2.debuglevel = 1 >>> h = httplib2.Http('.cache') >>> data = {'status': 'Test update from Python 3'} ->>> h.add_credentials('diveintomark', 'MY_SECRET_PASSWORD') +>>> h.add_credentials('diveintomark', 'MY_SECRET_PASSWORD', 'identi.ca') >>> resp, content = h.request('https://identi.ca/api/statuses/update.xml', -... 'POST', -... urlencode(data), -... headers={'Content-Type': 'application/x-www-form-urlencoded'}) +... 'POST', +... urlencode(data), +... headers={'Content-Type': 'application/x-www-form-urlencoded'})
  1. This is how httplib2 handles authentication. Store your username and password with the add_credentials() method. When httplib2 tries to issue the request, the server will respond with a 401 Unauthorized status code, and it will list which authentication methods it supports (in the WWW-Authenticate header). httplib2 will automatically construct an Authorization header and re-request the URL.
  2. The second parameter is the type of HTTP request, in this case POST. @@ -749,6 +749,10 @@ Updates the authenticating user’s status. Requires the statusFinally, we need to tell the server that the payload is URL-encoded data.
+
+

The third parameter to the add_credentials() method is the domain in which the credentials are valid. You should always specify this! If you leave out the domain and later reuse the httplib2.Http object on a different authenticated site, httplib2 might end up leaking one site’s username and password to the other site. +

+

This is what goes over the wire: