httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] http 1.1 authorization header is sent to every resource under a given domain
Date Fri, 25 Mar 2011 13:14:21 GMT
>
> I have one completely unsupported theory where the issue is related to the
> fact that '/x' is presented by apache as a virtual resource. I wonder if
> somehow this ends up mapping the realm to '/' instead of '/x'. I draw this
> conclusion from the fact that the browser is pre-empting the Authorization
> header to every resource.
>

close, if you can refactor this to require auth for /x/ with a
trailing slash only then the browser would pre-emptively send to
things.

The problem with auth  on /x is that your browser assumes everything
under the most recent context root is protected -- which is /

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message