On Tue, 2004-08-03 at 15:22 -0400, Geoffrey Young wrote: > hmm, I guess this fell off the collective radar. > > any comments? otherwise, I guess it's good enough and I'll just commit it > to both 2.0 and 2.1.
Looks good to me. -Paul Querna > Geoffrey Young wrote: > > > > [EMAIL PROTECTED] wrote: > > > >>pquerna 2004/07/10 00:47:23 > >> > >> Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS > >> modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c > >> Log: > >> Backport of AuthDigestEnableQueryStringHack > >> Needs a doc update to explain what it does. > > > > > > something like the attached? corrections, tweaks, or other feedback welcome. > > > > --Geoff > > > > > > > > ------------------------------------------------------------------------ > > > > Index: mod_auth_digest.xml > > =================================================================== > > RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v > > retrieving revision 1.5.2.8 > > diff -u -r1.5.2.8 mod_auth_digest.xml > > --- mod_auth_digest.xml 17 Apr 2004 18:43:37 -0000 1.5.2.8 > > +++ mod_auth_digest.xml 12 Jul 2004 14:16:11 -0000 > > @@ -72,7 +72,9 @@ > > browsers. As of November 2002, the major browsers that support digest > > authentication are <a href="http://www.opera.com/";>Opera</a>, <a > > href="http://www.microsoft.com/windows/ie/";>MS Internet > > - Explorer</a> (fails when used with a query string), <a > > + Explorer</a> (fails when used with a query string - see the > > + <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack > > + </directive> option below for a workaround), <a > > href="http://www.w3.org/Amaya/";>Amaya</a>, <a > > href="http://www.mozilla.org";>Mozilla</a> and <a > > href="http://channels.netscape.com/ns/browsers/download.jsp"; > > @@ -81,6 +83,36 @@ > > in controlled environments.</p> > > </note> > > </section> > > + > > +<section id="msie"><title>Working with MS Internet Explorer</title> > > + <p>The Digest authentication implementation in current Internet > > + Explorer implementations has known issues, namely that <code><GET</code> > > + requests with a query string are not RFC compliant. There are a > > + few ways to work around this issue.</p> > > + > > + <p> > > + The first way is to use <code>POST</code> requests instead of > > + <code>GET</code> requests to pass data to your program. This method > > + is the simplest approach if your application can work with this > > + limitation. > > + </p> > > + > > + <p>Apache also provides a workaround in the > > + <code>AuthDigestEnableQueryStringHack</code> environment variable. > > + If <code>AuthDigestEnableQueryStringHack</code> is true for the > > + request, Apache will take steps to work around the MSIE bug and > > + remove the request URI from the digest comparison. Using this > > + method would look like similar to the following.</p> > > + > > + <example><title>Using Digest Authentication with MSIE:</title> > > + BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On > > + </example> > > + > > + <p>See the <directive module="mod_setenvif">BrowserMatch</directive> > > + directive for more details on conditionally setting environment > > + variables</p> > > +</section> > > + > > > > <directivesynopsis> > > <name>AuthDigestFile</name>
