tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 54372] Digest Authentication fails on Safari and IE8/9
Date Fri, 04 Jan 2013 16:36:36 GMT

Mark Thomas <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #3 from Mark Thomas <> ---
IE8 is not compliant with RFC2617 so the authentication request is rejected.
The browser is adding quotes to the qop field which is meant to be a token (and
hence not quoted). Tomcat is rejecting this malformed request. You need to
raise a bug with Microsoft to get that fixed.

I suspect IE9 has the same problem.

Safari is also adding quotes to the qop field. You'll need to raise a bug with
Apple to get that fixed.

It seems the browser developers were confusing the server qop field (which is a
quoted, comma separated list of tokens) with the browser qop field which is a
token (i.e. not quoted).

Web servers are encouraged to be tolerant of misbehaving clients where they
can. I'll see if there is a way this invalid header can be safely (since this
is security related) parsed.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message