httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r578336 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/proxy/mod_proxy_http.c
Date Sat, 22 Sep 2007 00:30:24 GMT
Author: niq
Date: Fri Sep 21 17:30:23 2007
New Revision: 578336

URL: http://svn.apache.org/viewvc?rev=578336&view=rev
Log:
Backport r574021
Propagate Proxy-Authorization header correctly
PR 25947

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=578336&r1=578335&r2=578336&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Sep 21 17:30:23 2007
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.7
 
+  *) mod_proxy_http: Propagate Proxy-Authorization header correctly.
+     PR 25947 [Nick Kew]
+
   *) mod_proxy_ajp: Differentiate within AJP between GET and HEAD
      requests. PR 43060 [Jim Jagielski]
 
@@ -343,7 +346,7 @@
 
   *) mod_cgi and mod_cgid: Don't use apr_status_t error return
      from input filters as HTTP return value from the handler.
-     PR 31579.  [Nick Kew]
+     PR 31759.  [Nick Kew]
 
   *) mod_cache: Eliminate a bogus error in the log when a filter returns
      AP_FILTER_ERROR.  [Niklas Edmundsson <nikke acc.umu.se>]

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=578336&r1=578335&r2=578336&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Sep 21 17:30:23 2007
@@ -79,13 +79,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    * mod_proxy_http: Propagate Proxy-Authorization header correctly.
-      PR 25947
-      http://svn.apache.org/viewvc?view=rev&revision=574021
-      +1: niq, jfclere.
-      rpluem says: +1 in general, but please remove the tabs from your
-      patch and in trunk.
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c?rev=578336&r1=578335&r2=578336&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c Fri Sep 21 17:30:23 2007
@@ -755,18 +755,20 @@
              || !strcasecmp(headers_in[counter].key, "Trailer")
              || !strcasecmp(headers_in[counter].key, "Upgrade")
 
-            /* XXX: @@@ FIXME: "Proxy-Authorization" should *only* be
-             * suppressed if THIS server requested the authentication,
-             * not when a frontend proxy requested it!
-             *
-             * The solution to this problem is probably to strip out
-             * the Proxy-Authorisation header in the authorisation
-             * code itself, not here. This saves us having to signal
-             * somehow whether this request was authenticated or not.
-             */
-             || !strcasecmp(headers_in[counter].key,"Proxy-Authorization")
-             || !strcasecmp(headers_in[counter].key,"Proxy-Authenticate")) {
+             ) {
             continue;
+        }
+        /* Do we want to strip Proxy-Authorization ?
+         * If we haven't used it, then NO
+         * If we have used it then MAYBE: RFC2616 says we MAY propagate it.
+         * So let's make it configurable by env.
+         */
+        if (!strcasecmp(headers_in[counter].key,"Proxy-Authorization")) {
+            if (r->user != NULL) { /* we've authenticated */
+                if (!apr_table_get(r->subprocess_env, "Proxy-Chain-Auth")) {
+                    continue;
+                }
+            }
         }
 
         /* Skip Transfer-Encoding and Content-Length for now.



Mime
View raw message