[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
Synopsis: Proxy Authentication appears to be broken State-Changed-From-To: open-analyzed State-Changed-By: martin State-Changed-When: Wed Apr 28 08:16:48 PDT 1999 State-Changed-Why: The line which ignores Proxy-Auth at this place is intentional. We don't want to pass the auth information to any server further down the chain (the assumption here is that it was our own proxy authentication). The error is the fact that we don't check if *WE* requested and used the proxy authentication, or if it was another server further down. We should only strip out the proxy auth info if we requested and used it ourselves. This test is indeed currently missing, and therefore we always strip the Proxy-Auth header to be on the safe side. It's somewhere on my TODO list...
