Can you verify this is only the case for mod_wsgi daemon mode.

Graham

On 28 October 2011 05:57, Mark Nevill <[email protected]> wrote:
> Hey, list
>
> I'm performing authentication in a WSGI middleware, and I'm trying to
> implement Kerberos (SPNEGO/GSSAPI) authentication. If authentication
> fails, I need to respond with authentication headers indicating both
> Negotiate and Basic authentication schemes. Firefox and Chromium both
> expect two separate WWW-Authenticate headers, but modwsgi (or Apache?)
> merges multiple headers into a single comma-separated header value. It
> would seem to me that this is HTTP conforming behaviour by modwsgi/
> apache, but in light of the situation with Firefox and Chromium, would
> it be possible to somehow disable this?
>
> How to reproduce:
>  - Write a WSGI script that responds with headers including [('WWW-
> Authenticate', 'Negotiate'), ('WWW-Authenticate', 'Basic
> realm="Internal Area"')]
>  - run the WSGI script using Apache and modwsgi (WSGIPassAuthorization
> On may be necessary?)
>  - execute curl --include https://your-server.com/app (or an
> equivalent way of inspecting the exact headers. Firebug and chromium's
> inspect element do not always show them properly)
>
> Expected: Two WWW-Authenticate headers
> Got: A single WWW-Authenticate headers with all values combined and
> separated with commas, i.e. something like:
> WWW-Authenticate: Negotiate, Basic realm="Internal Area"
>
> Any ideas on how I can get two authenticate headers working?
>
> Thanks,
> Mark
>
> --
> You received this message because you are subscribed to the Google Groups 
> "modwsgi" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/modwsgi?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/modwsgi?hl=en.

Reply via email to