httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39874] - Digest Authentication incompatible with mod_cgi's Location: handling
Date Mon, 26 Jun 2006 01:40:59 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39874>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39874





------- Additional Comments From kosh@koshua.org  2006-06-26 01:40 -------
(In reply to comment #1)
> What are you expecting to be changed?

A workaround could be good.  e.g. mod_cgi to have an option to slightly deviate
from the rfc3875 section 6.2.2 and synthesise an external 302 Found (or better,
303 See Other, which implies a client GET) instead.

If you like I can code this and submit it for 1.3 and 2.x.

> Either use an external redirect, or use some alternative means to authenticate 
> your destination.

We're a hosting provider; telling our users "you must change your source code"
is a last resort, after server-side workaround possibilities are exhausted.
 
> Your report is more a minor mismatch between two specifications - both of 
> which Apache supports - than a bug.

agreed

> Also bear in mind that in the days of apache 1.3, Digest authentication was 
> scarcely used at all, not least due to nonexistent or broken client support in 
> browsers including Microsoft, Netscape, Mozilla.

We have the same problem in all versions, I think.

- koshua



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message