httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 50891] New: Apache rewrites WWW-Authenticate headers from CGI programs
Date Tue, 08 Mar 2011 14:24:58 GMT

           Summary: Apache rewrites WWW-Authenticate headers from CGI
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_cgi

Created an attachment (id=26743)
patch to preserve WWW-authenticate headers in CGI responses

When parsing CGI response headers, Apache rewrites the WWW-Authenticate headers
in a standards-compliant way.  Unfortunately, popular browsers (Firefox 3.6.15
at least) do not correctly process the rewritten headers.  This
completely breaks authentication when multiple WWW-Authenticate headers are
sent from a CGI script.

There is already code to preserve Set-Cookie headers in util_script.c. 
Replicating this code for WWW-Authenticate fixes the issue.

The attached patch implements this fix in the most trivial way.

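The following is an added example, not code from the report, the attached patch, or httpd. It assumes the rewrite in question is the comma-joined folding HTTP permits for repeated fields, and shows why a client that expects one challenge per header line loses the later schemes while a grammar-aware parser recovers all of them. The sample headers are constructed and all function names are hypothetical.

```python
import re

# Constructed sample: three challenges a CGI script sends as separate header lines.
CGI_HEADERS = [
    ("WWW-Authenticate", "Negotiate"),
    ("WWW-Authenticate", 'Digest realm="a, b", qop="auth,auth-int", nonce="abc"'),
    ("WWW-Authenticate", 'Basic realm="example"'),
]

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:\\.|[^"\\])*"'
ELEMENT = re.compile(rf'(?:[^,"]|{QUOTED})+')   # list elements; commas inside quotes kept
PARAM = re.compile(rf'^({TOKEN})\s*=\s*({QUOTED}|{TOKEN})$')

def merge_fields(headers):
    """Fold repeated fields into one comma-joined value (assumed form of the rewrite)."""
    merged = {}
    for name, value in headers:
        merged[name] = f"{merged[name]}, {value}" if name in merged else value
    return merged

def first_scheme_only(value):
    """Fragile client logic: assumes each header line carries exactly one challenge."""
    return [value.split(None, 1)[0].rstrip(",")]

def unquote(v):
    """Strip the quotes and backslash escapes of a quoted-string; tokens pass through."""
    return re.sub(r"\\(.)", r"\1", v[1:-1]) if v.startswith('"') else v

def parse_challenges(value):
    """Split a (possibly merged) field value into (scheme, token68, params) tuples."""
    challenges = []
    for elem in (e.strip() for e in ELEMENT.findall(value) if e.strip()):
        m = PARAM.match(elem)
        if m:  # bare auth-param: it continues the most recent challenge
            if challenges:
                challenges[-1][2][m.group(1).lower()] = unquote(m.group(2))
            continue
        scheme, _, rest = elem.partition(" ")  # new challenge: scheme, then data
        m = PARAM.match(rest.strip())
        params = {m.group(1).lower(): unquote(m.group(2))} if m else {}
        token68 = None if m else (rest.strip() or None)
        challenges.append((scheme, token68, params))
    return challenges

if __name__ == "__main__":
    merged = merge_fields(CGI_HEADERS)["WWW-Authenticate"]
    print(first_scheme_only(merged))
    print(parse_challenges(merged))
```
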