httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25040] New: - digest auth doesn't play well with subrequests
Date Thu, 27 Nov 2003 03:33:40 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25040>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25040

digest auth doesn't play well with subrequests

           Summary: digest auth doesn't play well with subrequests
           Product: Apache httpd-2.0
           Version: 2.0-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_auth_digest
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kfogel@collab.net
                CC: striker@apache.org


Digest auth doesn't cooperate well with subrequests, because it insists on using
the URI from the Auth header instead of the URI in the subrequest.

I may be getting some of the subtleties wrong here; please see this mail from
Justin Erenkrantz for a better description:

http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=50876

It's part of this thread

http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=135712

...which starts with Ben Collins-Sussman explaining why Subversion's recent
switch to using subrequests for authorization broke digest auth, for users who
had previously been using it successfully.

Oh: and later, in a private email exchange, Sander Striker tentatively confirmed
Brian Fitzpatrick's outline of a solution:

   B. W. Fitzpatrick wrote:
   > So basically, mod_auth_digest needs to see if it's in
   > a subreq, and if it is, then ignore the URI in the
   > Auth header and use the uri from the subreq itself?
   >
   > Is that a correct understanding?
   
   That sounds about right.
   
   Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message