httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ge...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod mod_auth_digest.xml
Date Wed, 04 Aug 2004 13:01:43 GMT
geoff       2004/08/04 06:01:43

  Modified:    docs/manual/mod Tag: APACHE_2_0_BRANCH mod_auth_digest.xml
  Log:
  document AuthDigestEnableQueryStringHack
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.5.2.9   +34 -2     httpd-2.0/docs/manual/mod/mod_auth_digest.xml
  
  Index: mod_auth_digest.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v
  retrieving revision 1.5.2.8
  retrieving revision 1.5.2.9
  diff -u -r1.5.2.8 -r1.5.2.9
  --- mod_auth_digest.xml	17 Apr 2004 18:43:37 -0000	1.5.2.8
  +++ mod_auth_digest.xml	4 Aug 2004 13:01:42 -0000	1.5.2.9
  @@ -72,7 +72,9 @@
       browsers. As of November 2002, the major browsers that support digest
       authentication are <a href="http://www.opera.com/">Opera</a>, <a
       href="http://www.microsoft.com/windows/ie/">MS Internet
  -    Explorer</a> (fails when used with a query string), <a
  +    Explorer</a> (fails when used with a query string - see the
  +    <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack
  +    </directive> option below for a workaround), <a
       href="http://www.w3.org/Amaya/">Amaya</a>, <a
       href="http://www.mozilla.org">Mozilla</a> and <a
       href="http://channels.netscape.com/ns/browsers/download.jsp"
  @@ -81,6 +83,36 @@
       in controlled environments.</p>
       </note>
   </section>
  +
  +<section id="msie"><title>Working with MS Internet Explorer</title>
  +    <p>The Digest authentication implementation in current Internet
  +    Explorer implementations has known issues, namely that <code><GET</code>
  +    requests with a query string are not RFC compliant.  There are a
  +    few ways to work around this issue.</p>
  +
  +    <p>
  +    The first way is to use <code>POST</code> requests instead of
  +    <code>GET</code> requests to pass data to your program.  This method
  +    is the simplest approach if your application can work with this
  +    limitation.
  +    </p>
  +
  +    <p>Apache also provides a workaround in the
  +    <code>AuthDigestEnableQueryStringHack</code> environment variable.
  +    If <code>AuthDigestEnableQueryStringHack</code> is true for the
  +    request, Apache will take steps to work around the MSIE bug and
  +    remove the request URI from the digest comparison.  Using this
  +    method would look similar to the following.</p>
  +
  +    <example><title>Using Digest Authentication with MSIE:</title>
  +    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
  +    </example>
  +
  +    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
  +    directive for more details on conditionally setting environment
  +    variables</p>
  +</section>
  +
   
   <directivesynopsis>
   <name>AuthDigestFile</name>
  
  
  

Mime
View raw message