Can you verify this is only the case for mod_wsgi daemon mode. Graham
On 28 October 2011 05:57, Mark Nevill <[email protected]> wrote: > Hey, list > > I'm performing authentication in a WSGI middleware, and I'm trying to > implement Kerberos (SPNEGO/GSSAPI) authentication. If authentication > fails, I need to respond with authentication headers indicating both > Negotiate and Basic authentication schemes. Firefox and Chromium both > expect two separate WWW-Authenticate headers, but modwsgi (or Apache?) > merges multiple headers into a single comma-separated header value. It > would seem to me that this is HTTP conforming behaviour by modwsgi/ > apache, but in light of the situation with Firefox and Chromium, would > it be possible to somehow disable this? > > How to reproduce: > - Write a WSGI script that responds with headers including [('WWW- > Authenticate', 'Negotiate'), ('WWW-Authenticate', 'Basic > realm="Internal Area"')] > - run the WSGI script using Apache and modwsgi (WSGIPassAuthorization > On may be necessary?) > - execute curl --include https://your-server.com/app (or an > equivalent way of inspecting the exact headers. Firebug and chromium's > inspect element do not always show them properly) > > Expected: Two WWW-Authenticate headers > Got: A single WWW-Authenticate headers with all values combined and > separated with commas, i.e. something like: > WWW-Authenticate: Negotiate, Basic realm="Internal Area" > > Any ideas on how I can get two authenticate headers working? > > Thanks, > Mark > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/modwsgi?hl=en. > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
