DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25040>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25040 digest auth doesn't play well with subrequests Summary: digest auth doesn't play well with subrequests Product: Apache httpd-2.0 Version: 2.0-HEAD Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: mod_auth_digest AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Digest auth doesn't cooperate well with subrequests, because it insists on using the URI from the Auth header instead of the URI in the subrequest. I may be getting some of the subtleties wrong here; please see this mail from Justin Erenkrantz for a better description: http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=50876 It's part of this thread http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=135712 ...which starts with Ben Collins-Sussman explaining why Subversion's recent switch to using subrequests for authorization broke digest auth, for users who had previously been using it successfully. Oh: and later, in a private email exchange, Sander Striker tentatively confirmed Brian Fitzpatrick's outline of a solution: B. W. Fitzpatrick wrote: > So basically, mod_auth_digest needs to see if it's in > a subreq, and if it is, then ignore the URI in the > Auth header and use the uri from the subreq itself? > > Is that a correct understanding? That sounds about right. Sander --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
