httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Keeley <Chris.Kee...@jdsu.com>
Subject RE: [users@httpd] http 1.1 authorization header is sent to every resource under a given domain
Date Fri, 25 Mar 2011 13:51:22 GMT
Eric, 

That makes perfect sense.

You're a Genius; thank you.

--
Regards
Christopher Keeley

Software Engineer
Communications and Test
JDSU
+441752765327
www.jdsu.com

NOTICE: JDSU UK Ltd. is registered in England & Wales with company number 00887400. 
Its registered office is Spinnaker House, Lime Tree Way, Hampshire Int. Business Park, Chineham,
Basingstoke RG24 8GG.  Information contained in this email is intended for the use of the
addressee only, is confidential and may be legally privileged. Any further dissemination,
distribution, copying or use of this communication without prior permission of the sender
is strictly prohibited.


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: 25 March 2011 13:14
To: users@httpd.apache.org
Subject: Re: [users@httpd] http 1.1 authorization header is sent to every resource under a
given domain

>
> I have one completely unsupported theory where the issue is related to the
> fact that '/x' is presented by apache as a virtual resource. I wonder if
> somehow this ends up mapping the realm to '/' instead of '/x'. I draw this
> conclusion from the fact that the browser is pre-empting the Authorization
> header to every resource.
>

close, if you can refactor this to require auth for /x/ with a
trailing slash only then the browser would pre-emptively send to
things.

The problem with auth  on /x is that your browser assumes everything
under the most recent context root is protected -- which is /

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message