Document curl_httpclient empty password fix.

Accept None as auth_password in simple_httpclient for consistency with
curl_httpclient.

diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index ad5b7e0987cd1287aa4d41de0bfe350ab92d988c..376d410c56fc3f3e2bed6fc36b61f6c229d071e4 100644 (file)
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -257,7 +257,7 @@ class _HTTPConnection(object):
             username, password = parsed.username, parsed.password
         elif self.request.auth_username is not None:
             username = self.request.auth_username
-            password = self.request.auth_password
+            password = self.request.auth_password or ''
         if username is not None:
             auth = utf8(username) + b(":") + utf8(password)
             self.request.headers["Authorization"] = (b("Basic ") +

diff --git a/website/sphinx/releases/next.rst b/website/sphinx/releases/next.rst
index fa940c895ab7e63bf8bb6398d083bdfa11ac7a6c..aec080bf98c66a7f17b2b4298dba104bb028e969 100644 (file)
--- a/website/sphinx/releases/next.rst
+++ b/website/sphinx/releases/next.rst
@@ -32,6 +32,8 @@ Backwards-incompatible changes
   responses with no content, or empty ``POST``/``PUT`` response bodies.
 * `SimpleAsyncHTTPClient` now supports 303 and 307 redirect codes.
 * `tornado.curl_httpclient` now accepts non-integer timeouts.
+* `tornado.curl_httpclient` now supports basic authentication with an
+  empty password.
 
 ``tornado.httpserver``
 ~~~~~~~~~~~~~~~~~~~~~~