Additional HTTP request headers with llHTTPRequest?

Hi, all.

I'm trying to send authentication information via llHTTPRequest, but can't figure out how to add extra headers. For example, if one is doing basic HTTP authentication, one sends something like

CODE

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Which goes in the HTTP header. However, I've bene unable to figure out how to do this with llHTTPRequest. I've tried putting it as the first line of the body, followed by two blank lines, but no dice.

I tried tricking LSL with a juiced up mime type header:

CODE

reqID = llHTTPRequest(myURL,  [HTTP_METHOD, "POST", HTTP_MIMETYPE, "application/x-www-form-urlencoded\nAuthorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
 "], body);

But LSL was too smart and told me that the HTTP_MIMETYPE was invalid. No joy in Mudville.

Anyone have any pointers?

Hmm. What about the http://yourusername:yourpassword@yourhost.com method. Does LSL support that? I'd been meaning to test but haven't got around to it yet.

use webforms authentication?

Actually, while that's a valid URL, HTTP (the protocol) doesn't use full URLs when making a request. The browser (or other user agent) takes the URL apart and uses the relevant parts to do the request. Thus the yourusername:yourpassword is (in the case of basic authentication) hashed into a base64 string and sent in the appropriate header.

That being said, LL may have written llHTTPRequest such that it recognizes those sorts of URLs, which means it'd be worth a try at least. However, I was giving basic authentication as an example. The authentication scheme I was looking to use is different, but works the same way, using the Authentication header, and there's no way to specify via URL which sort of authentication to do, AFAIK.

There are also other headers I'd like to be able to use, such as If-Modified-Since (to get only new files) and Range (to grab chunks of a file, not the whole thing).

Thanks for the suggestion, though! I'll definitely check to see if they built in the URL-based authentication you suggested, even if it's not suited to my application, just to see! Good idea!

This method does work for simple http authentication, as I just tested in world.

Good stuff.

why not just do whatever.com?password=SOME MD5 HASH&variables here

thats another simpler way.... parse it with php/whatever to make sure it matches

Dragon, that works if you are writing a script to talk to your own server. On the other hand, if you want your script to talk to a third party server that uses an "Authentication:" header, this will obviously not work.

url authentication u suggesting is no protection at all.. every url logger will catch it and its much easier to reuse it. If you dont have way how to authenticate securly ... kerberos/ntlm just POST authentication token(one time password ticket ). This of course require to use you own web server so you can support it
or you can make 2 key system encryption with LSL (not worth it as lindel will include IMHO signing functions soon) just for beginning of connection
SSL anyway uses it only at the beginning of connection then its plain one key encrypting

I have created a feature request proposal for this:

http://secondlife.com/vote/vote.php?get_id=2462