Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 10193 invoked from network); 26 Jun 2006 01:42:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 26 Jun 2006 01:42:33 -0000 Received: (qmail 52765 invoked by uid 500); 26 Jun 2006 01:42:32 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 52726 invoked by uid 500); 26 Jun 2006 01:42:32 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 52713 invoked by uid 99); 26 Jun 2006 01:42:31 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Jun 2006 18:42:31 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 25 Jun 2006 18:42:31 -0700 Received: by brutus.apache.org (Postfix, from userid 33) id AB1647141F1; Mon, 26 Jun 2006 01:40:59 +0000 (GMT) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 39874] - Digest Authentication incompatible with mod_cgi's Location: handling In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20060626014059.AB1647141F1@brutus.apache.org> Date: Mon, 26 Jun 2006 01:40:59 +0000 (GMT) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=39874 ------- Additional Comments From kosh@koshua.org 2006-06-26 01:40 ------- (In reply to comment #1) > What are you expecting to be changed? A workaround could be good. e.g. mod_cgi to have an option to slightly deviate from the rfc3875 section 6.2.2 and synthesise an external 302 Found (or better, 303 See Other, which implies a client GET) instead. If you like I can code this and submit it for 1.3 and 2.x. > Either use an external redirect, or use some alternative means to authenticate > your destination. We're a hosting provider; telling our users "you must change your source code" is a last resort, after server-side workaround possibilities are exhausted. > Your report is more a minor mismatch between two specifications - both of > which Apache supports - than a bug. agreed > Also bear in mind that in the days of apache 1.3, Digest authentication was > scarcely used at all, not least due to nonexistent or broken client support in > browsers including Microsoft, Netscape, Mozilla. We have the same problem in all versions, I think. - koshua -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org