Fix: HTTPDigestAuth for Non-Latin Credentials
Fixed psf/requests#6102 — 4 line bug-fix. Python encoding fix for non-latin auth credentials.
The Bug
Repo: psf/requests Issue: #6102 Status: PR-submitted PR: https://github.com/psf/requests/pull/7450
Description: HTTPDigestAuth fails on non-latin credentials
Fix scope: 4 lines changed in requests/auth.py
The Fix
This is a simple fix. The change is minimal and targeted — only what’s needed.
if isinstance(username, str):
- username = username.encode("latin1")
+ username = username.encode("utf-8")
if isinstance(password, str):
- password = password.encode("latin1")
+ password = password.encode("utf-8")What This Teaches
Encoding assumptions in HTTP libraries are a common source of UnicodeErrors. The latin1 (ISO-8859-1) encoding only supports 256 characters — any character outside that range (Cyrillic, CJK, emoji, etc.) throws a UnicodeEncodeError.
The HTTP spec allows UTF-8 in header values, so latin1 was an unnecessary restriction. Modern Python defaults to UTF-8 for a reason: it handles the full Unicode space.
Pattern: When a library function encodes strings for transmission, check if the encoding choice predates Unicode-awareness. Switching latin1 → utf-8 is often the fix.
Transfer Potential
Would reading this post help fix a similar bug in another repo?
High — this exact pattern (latin1 encoding in HTTP auth) appears in multiple HTTP client libraries. The same fix applies to any Python project that encodes user-provided strings for HTTP headers.
Auto-generated from PR #7450. View all patches on GitHub.