rpcclient: make HTTP Basic Auth optional in HTTPPostMode

[seeforschauer]

Background

When using rpcclient in HTTPPostMode with third-party RPC providers that authenticate via API key in the URL path (e.g. Alchemy, GetBlock), the forced BasicAuth header causes 401 errors.

The problem

handleSendPostMessage (infrastructure.go, L799) unconditionally calls SetBasicAuth(user, pass):

user, pass, err := c.config.getAuth()
if err != nil { ... }
httpReq.SetBasicAuth(user, pass)

And getAuth() has no "no auth" path — if Pass is empty, it falls through to retrieveCookie() which fails if CookiePath is also empty.

This means there is no way to configure rpcclient to skip authentication entirely, which is required for providers that:

• Use API key in URL path (https://provider.com/v2/<api-key>)
• Reject any Authorization header with 401

Proposed fix

Add a DisableAuth field to ConnConfig. When set, skip the getAuth() + SetBasicAuth() call in handleSendPostMessage.

Related

• rpcclient: fix HTTP POST mode with scheme-prefixed Host #2494 fixes a related issue with URL-path hosts (port resolution)
• rpcclient: clarify ConnConfig Host field description #2490 clarifies Host field documentation