[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
Synopsis: Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument State-Changed-From-To: open-suspended State-Changed-By: brian State-Changed-When: Tue May 19 18:14:09 PDT 1998 State-Changed-Why: In light testing with the current 1.3 betas, it looks like the WWW-Authenticate header *IS* being sent when the ErrorDocument 401 is a CGI script, even if the CGI itself doesn't send it. All of our energies are currently focusing on getting 1.3 out the door out of beta, so I would consider this bug "fixed". Your patch, though, is really about adding new env variables to the 401 errordoc environment, which isn't a bad idea, but being in a feature freeze right now it's tough for us to consider adding it. We do know that auth will have to be revamped for 2.0 (which is where we'll be focusing after 1.3 is done), so it may be best for us to focus on making that environment rich then. For the time being, it would be great if you could rev your patch against 1.3.0 (when it comes out), making sure to update the api calls (e.g. table_set -> ap_table_set) and registering it at modules.apache.org. Thanks! And please let us know if 1.3 doesn't fix this problem - you can get the latest CVS version from http://dev.apache.org/from-cvs/, or the latest beta from http://www.apache.org/dist/. Brian
