httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38114] - Authorization header ignored -- it should be handled always
Date Wed, 04 Jan 2006 16:13:46 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38114>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38114


jorton@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From jorton@redhat.com  2006-01-04 17:13 -------
Yes, the header is ignored if there is no authz requirement configured for the
resource.  I don't think that violates the 2617 SHOULD; the server *does* accept
the credentials and just ignores them, it has no reason to reject them.

(Indeed, the client may very legitimately be sending the Auth header for this
resource because e.g. it has just moved out of an auth-protected domain
somewhere else in this URI space.)

There is no 401 response that could be sent anyway; there is no realm
configured, no scheme chosen, etc, so what 401 would you expect exactly anyway?  

I'd say that the idea of pre-emptively authenticating yourself in a
challenge/response authentication mechanism such as HTTP's, is, um, challenging
:)  But we can discuss this on the HTTP WG list or somewhere rather than httpd
bugzilla.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
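
The behaviour described in the comment above, shown as an added configuration example that is not part of the original message or of the httpd project's own material. The location names, realm and password-file path are constructed placeholders.

```apache
# Constructed httpd.conf fragment; /public, /private, the realm name and
# the htpasswd path are placeholders.

# No AuthType, AuthName or Require applies here, so there is no scheme and
# no realm. A request that carries "Authorization: Basic ..." is served
# like any other request: the credentials are accepted and ignored, and
# httpd has nothing it could put into a 401 challenge.
<Location /public>
    # Intentionally no authentication directives.
    # REMOTE_USER is not set for requests handled here, so an application
    # behind this location must not treat the mere presence of an
    # Authorization header as proof that the caller was authenticated.
</Location>

# A scheme (AuthType), a realm (AuthName) and an authorization requirement
# (Require) are configured, so the Authorization header is evaluated.
# Missing or wrong credentials produce:
#   401 with WWW-Authenticate: Basic realm="Example Realm"
<Location /private>
    AuthType Basic
    AuthName "Example Realm"
    AuthUserFile /path/to/htpasswd
    Require valid-user
</Location>
```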