On Mon, 25 Mar 2002, Eli Marmor wrote: > And a yet another note: > > It is not a bug that "sometime" causes problems; > It is a bug that causes mod_auth_digest to fail ALWAYS (when there are > parameters, of course).
That is defined as "sometimes". And it is only IE with which it fails, no? > So it looks important for me to commit this patch. > Especially when there is no need to dig into the source, find the > problem, fix it, and test it, but everything is ready and you just have > to commit. Isn't this a matter of IE incorrectly implementing the spec? Will making this change break browsers that do properly implement it? It is not obvious if or how we should attempt to cope with IE's brokenness, so it is not something that can just be blindly applied. Blindly ignoring the query string on a request can have security implications as well that need to be understood.
