httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41685] Implement optional HTTP Authentication in a standards-compliant fashion
Date Tue, 08 Mar 2011 14:18:52 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=41685

--- Comment #1 from alec-keyword-apache.d8a97a@setfilepointer.com 2011-03-08 09:18:50 EST
---
An alternative solution to this can be implemented with this tiny patch:

brock% cat files/require-auth.patch 
--- httpd-2.2.16/server/request.c.orig    2011-03-08 12:36:08.701398059 +0000
+++ httpd-2.2.16/server/request.c    2011-03-08 12:47:46.159477808 +0000
@@ -1631,6 +1631,11 @@
     require_line *reqs;
     int i;

+    const char* auth_header = apr_table_get(r->headers_in, "Authorization");
+    if (auth_header && strlen(auth_header)) {
+        return 1;
+    }
+
     if (!reqs_arr) {
         return 0;
     }
brock% 

This changes the requires_auth function to return true if the browser happens
to have sent authentication credentials.  The assumption here is that whatever
resource is being protected will detect the authentication and apply whatever
authorization is needed.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message