net/http: do not overwrite valid Authorization headers just because a…

… username is in the URL See golang#11399 Change-Id: I3be7fbc86c5f62761f47122632f3e11b56cb6be6
sinbad · Jun 25, 2015 · 4f57d35 · 4f57d35
1 parent 751eef8
commit 4f57d35
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/net/http/client.go b/src/net/http/client.go
@@ -212,7 +212,7 @@ func send(req *Request, t RoundTripper) (resp *Response, err error) {
 		req.Header = make(Header)
 	}
 
-	if u := req.URL.User; u != nil {
+	if u := req.URL.User; u != nil && req.Header.Get("Authorization") == "" {
 		username := u.Username()
 		password, _ := u.Password()
 		req.Header.Set("Authorization", "Basic "+basicAuth(username, password))