[
https://issues.apache.org/jira/browse/SLING-1400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Felix Meschberger updated SLING-1400:
-------------------------------------
Component/s: Authentication
(was: Engine)
This can still be reproduced but slightly different: The response is now a
redirect to the login form. This, of course, is completely wrong.
Don't know the correct solution, but probably the authentication handlers
should not request credentials for non-GET/POST requests ....
> OPTIONS request on / returns login form if "Allow Anonymous Access" set to
> false
> --------------------------------------------------------------------------------
>
> Key: SLING-1400
> URL: https://issues.apache.org/jira/browse/SLING-1400
> Project: Sling
> Issue Type: Bug
> Components: Authentication
> Reporter: Bertrand Delacretaz
> Priority: Minor
>
> If "Allow Anonymous Access" is true (that's the default default) in
> theorg.apache.sling.engine.impl.auth.SlingAuthenticator config, curl -X
> OPTIONS http://localhost:8888/ correctly returns a 401 status.
> If the setting is false, the same request returns 200 and the login form.
> Not sure if that's really a problem, but I thought I'd report it as it caused
> the WebDAV mount on / to become unusable with samples that recommend setting
> that parameter to false. I'll change the samples to use
> sling:authRequestLogin=true instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
