Skip to content

RequestAsync support basic auth #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
766974616c79 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

RequestAsync support basic auth #105

766974616c79 wants to merge 1 commit into from
+11 −0

Conversation

@766974616c79
Copy link
Contributor

@766974616c79 766974616c79 commented Dec 8, 2025

Using the above code, the builder returns a URL that is not supported by the HTTP client. You must use the Authorisation header to be able to use authentication.

Resolves Facepunch/sbox-issues#5798

@garrynewman garrynewman requested a review from Copilot December 22, 2025 07:48
Copilot AI reviewed Dec 22, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for HTTP Basic Authentication by extracting credentials from the URI's UserInfo component and converting them into a proper Authorization header, resolving an issue where the builder returns URLs not supported by the HTTP client.

Key Changes:

  • Extracts username and password from URI's UserInfo property
  • Converts credentials to Base64-encoded Authorization header
  • Strips credentials from the URI before creating the HTTP request

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

engine/Sandbox.Engine/Utility/Web/Http.Requests.cs
headers ??= new Dictionary<string, string>();
headers.TryAdd( "Authorization", $"Basic {Convert.ToBase64String( bytes )}" );

uri = new Uri( requestUri.Replace( $"{userInfo}@", "" ), UriKind.Absolute );
Copy link

Copilot AI Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using string replacement to remove credentials from the URI is fragile and could fail if the userInfo contains special regex characters or appears elsewhere in the URL. Use UriBuilder to properly reconstruct the URI without credentials by setting its UserName and Password properties to empty strings.

Suggested change
uri = new Uri( requestUri.Replace( $"{userInfo}@", "" ), UriKind.Absolute );
var uriBuilder = new UriBuilder( uri )
{
UserName = string.Empty,
Password = string.Empty
};
uri = uriBuilder.Uri;

Copilot uses AI. Check for mistakes.
engine/Sandbox.Engine/Utility/Web/Http.Requests.cs
var bytes = System.Text.Encoding.UTF8.GetBytes( userInfo );

headers ??= new Dictionary<string, string>();
headers.TryAdd( "Authorization", $"Basic {Convert.ToBase64String( bytes )}" );
Copy link

Copilot AI Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TryAdd will silently fail if an Authorization header already exists, potentially causing authentication to fail unexpectedly. Consider either throwing an exception if the header already exists, or explicitly overwriting it with the credentials from the URI to ensure predictable behavior.

Suggested change
headers.TryAdd( "Authorization", $"Basic {Convert.ToBase64String( bytes )}" );
headers["Authorization"] = $"Basic {Convert.ToBase64String( bytes )}";

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Http.RequestAsync() doesn't support basic auth in URI

1 participant

@766974616c79