[
https://jira.nuxeo.org/browse/NXP-4436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thierry Delprat resolved NXP-4436.
----------------------------------
Resolution: Fixed
Probably fixed : please reopen if not
http://hg.nuxeo.org/addons/nuxeo-platform-login/rev/03ffd01db055
> NTLM Login Filter should handle correctly empty POSTs send by MSIE when NTLM
> is activated
> -----------------------------------------------------------------------------------------
>
> Key: NXP-4436
> URL: https://jira.nuxeo.org/browse/NXP-4436
> Project: Nuxeo Enterprise Platform
> Issue Type: Bug
> Components: Security
> Affects Versions: 5.3 GA
> Reporter: Thierry Delprat
> Assignee: Thierry Delprat
> Fix For: 5.3.1
>
>
> When NTLM Auth is activated, depending on MSIE version and on the Windows
> settings, the browser may choose to replay the auth challenge/response on
> Post request:
> => POST are sent with an empty body and this breaks JSF/Seam/Nuxeo
> A quick fix is to configure the client to avoid this :
> => see http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> Type: DWORD
> Key: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet
> Settings/DisableNTLMPreAuth
> Value: 1
> The best solution is to add a dedicated filter that will redo the
> challenge/reponse on empty POST requests.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
