Return-Path: 
 <users-return-78863-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 70447 invoked from network); 14 Feb 2008 18:11:36 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 14 Feb 2008 18:11:36 -0000
Received: (qmail 42262 invoked by uid 500); 14 Feb 2008 18:11:20 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 42147 invoked by uid 500); 14 Feb 2008 18:11:19 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 42136 invoked by uid 99); 14 Feb 2008 18:11:19 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2008 10:11:19 -0800
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of John.DAusilio@mlp.com
 designates 204.212.175.37 as permitted sender)
Received: from [204.212.175.37] (HELO outbound-mail.mlp.com) (204.212.175.37)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2008 18:10:48 +0000
Received: from EXCHUS001.AD.MLP.COM (Not Verified[10.5.108.190]) by
 outbound-mail.mlp.com with MailMarshal (v6,1,5,586)
	id <B47b484300001>; Thu, 14 Feb 2008 13:10:56 -0500
Received: from EXCHUS007.AD.MLP.COM ([10.5.108.184]) by EXCHUS001.AD.MLP.COM
 with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 14 Feb 2008 13:10:55 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C86F34.F157B968"
Date: Thu, 14 Feb 2008 13:10:55 -0500
Message-ID: <EA0DC7026196B54C809F45633E376EB00180FD9C@EXCHUS007.AD.MLP.COM>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: RE: HTTP OPTIONS and auth issues
Thread-Index: AchvNPFoeP7zAx74Qxu3SmwcOTFQAw==
From: "D'Ausilio, John" <John.DAusilio@mlp.com>
To: <users@httpd.apache.org>
X-OriginalArrivalTime: 14 Feb 2008 18:10:55.0986 (UTC)
 FILETIME=[F1729520:01C86F34]
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: [users@httpd] RE: HTTP OPTIONS and auth issues

------_=_NextPart_001_01C86F34.F157B968
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Should also mention .. the OPTIONS request comes in *without* a user,
hence the 401 ..

=20

=3D=3D=3D=3D

=20

I've got a tomcat app with apache (2.2) in front of it. Apache handles
the auth through LDAP and requires membership in a specific group. One
of the app features allows the user to generate an csv file from some
data and download it. When this download fires with an IE client, the
browser also issues an HTTP OPTIONS request against / which fails with a
401 and pops the auth dialog again. Users can just cancel that dialog
and proceed, but I'd rather it didn't appear at all! Is there some way
to configure apache to route OPTIONS requests to the bit-bucket? Is it
Apache or really Tomcat that's generating the 401? Any hints/clues
appreciated!

=20

jd

=20


######################################################################
The information contained in this communication is confidential and
may contain information that is privileged or exempt from disclosure
under applicable law. If you are not a named addressee, please notify
the sender immediately and delete this email from your system.
If you have received this communication, and are not a named
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
######################################################################

------_=_NextPart_001_01C86F34.F157B968
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:=
schemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html=
40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-asci=
i">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<style>
<!--
=20/* Style Definitions */
=20p.MsoNormal, li.MsoNormal, div.MsoNormal
=09{margin:0in;
=09margin-bottom:.0001pt;
=09font-size:12.0pt;
=09font-family:"Times New Roman";}
a:link, span.MsoHyperlink
=09{color:blue;
=09text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
=09{color:purple;
=09text-decoration:underline;}
span.EmailStyle17
=09{mso-style-type:personal-compose;
=09font-family:Arial;
=09color:windowtext;}
@page Section1
=09{size:8.5in 11.0in;
=09margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
=09{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'>Should also mention .. the OPTIONS request comes in *<=
b><span
style=3D'font-weight:bold'>without</span></b>* a user, hence the 401 ..<o=
:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'>=3D=3D=3D=3D<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'>I&#8217;ve got a tomcat app with apache (2.2) in front=
=20of
it. Apache handles the auth through LDAP and requires membership in a spe=
cific
group. One of the app features allows the user to generate an csv file fr=
om
some data and download it. When this download fires with an IE client, th=
e
browser also issues an HTTP OPTIONS request against / which fails with a =
401
and pops the auth dialog again. Users can just cancel that dialog and pro=
ceed,
but I&#8217;d rather it didn&#8217;t appear at all! Is there some way to
configure apache to route OPTIONS requests to the bit-bucket? Is it Apach=
e or
really Tomcat that&#8217;s generating the 401? Any hints/clues appreciate=
d!<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'>jd<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span style=3D'font-size=
:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>


<P>&nbsp;</P>
<P>
<HR>

<P></P>
<P>The information contained in this communication is confidential and ma=
y=20
contain information that is privileged or exempt from disclosure under=20
applicable law. If you are not a named addressee, please notify the sende=
r=20
immediately and delete this email from your system.&nbsp; If you have rec=
eived=20
this communication, and are not a named recipient, you are hereby notifie=
d that=20
any dissemination, distribution or copying of this communication is stric=
tly=20
prohibited.=20
<HR>
<BR>
<P></P>
</body>

</html>

------_=_NextPart_001_01C86F34.F157B968--