Do not overwrite valid Authorization headers just because a username …

…is in the URL See golang#11399
sinbad · Jun 25, 2015 · 94e9c56 · 94e9c56
1 parent 883bc6e
commit 94e9c56
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/net/http/client.go b/src/net/http/client.go
@@ -211,7 +211,7 @@ func send(req *Request, t RoundTripper) (resp *Response, err error) {
 		req.Header = make(Header)
 	}
 
-	if u := req.URL.User; u != nil {
+	if u := req.URL.User; u != nil && req.Header.Get("Authorization") == "" {
 		username := u.Username()
 		password, _ := u.Password()
 		req.Header.Set("Authorization", "Basic "+basicAuth(username, password))