Here is the reason.
For daemon mode, partially out of convenience as could reuse some
routines provided by Apache, the format of the response on the socket
returned from daemon process to Apache child process is the same as
that which would be returned by a CGI script. The code then uses an
existing function in Apache to parse that CGI type response and back
fill it into the Apache request structure. In doing that the code has:
/* The HTTP specification says that it is legal to merge duplicate
* headers into one. Some browsers that support Cookies don't like
* merged headers and prefer that each Set-Cookie header is sent
* separately. Lets humour those browsers by not merging.
* Oh what a pain it is.
*/
So, it is mindful of joining headers, but only for the Cookie case.
Normally the WWW-Authenticate case wouldn't be a problem because the
original Authorization header can never be passed to a CGI script and
it wouldn't be able to handle authorisation and so generate
WWW-Authenticate.
To fix it would mean making a copy of the existing function in Apache
I am using and never have it merge headers. This is probably doable
and would simplify things. There are extra protections in that
function around squashing duplicates of other response headers as
well, however that might also being done on daemon mode side anyway so
may not be a problem. Duplicating the function would also mean that
can generate more specific errors messages related to mod_wsgi when
timeout occurs rather than the current cryptic CGI heritage message.
Can you create a ticket on the mod_wsgi issue tracker with information
from these posts?
I am busy coming up to a GA release of product at work at the moment,
but after that intend to come back to do some work on mod_wsgi and try
and get a 4.0 release out with some new features specifically related
to product doing at work.
So sorry, not sure I have a quick solution right now. Don't know if
mod_headers is flexible enough to allow you to effectively split a
response header into two.
http://httpd.apache.org/docs/current/mod/mod_headers.html
It may be possible using some convoluted sequence of directives.
Not sure that mod_rewrite is of any help as don't think it works on responses.
Graham
On 28 October 2011 09:02, Mark Nevill <[email protected]> wrote:
> Hi
>
> On 27 October 2011 23:38, Graham Dumpleton <[email protected]> wrote:
>> Can you verify this is only the case for mod_wsgi daemon mode.
>
> Confirmed. Following responses were generated with identical code but
> toggling of a "WSGIProcessGroup wsgidev" directive:
>
> [begin]
> $ curl --include [...]/test.wsgi/auth
> HTTP/1.1 401 Unauthorized
> Date: Thu, 27 Oct 2011 21:58:19 GMT
> Server: Apache/2.2.16 (Debian)
> WWW-Authenticate: Negotiate, Basic realm="Internal Area"
> Content-Length: 43
> Vary: Accept-Encoding
> Content-Type: text/plain
>
> DAEMON MODE: process_group=wsgidev
> [end]
>
> vs
>
> [begin]
> $ curl --include [...]/test.wsgi/auth
> HTTP/1.1 401 Unauthorized
> Date: Thu, 27 Oct 2011 21:58:51 GMT
> Server: Apache/2.2.16 (Debian)
> WWW-Authenticate: Negotiate
> WWW-Authenticate: Basic realm="Internal Area"
> Content-Length: 40
> Vary: Accept-Encoding
> Content-Type: text/plain
>
> EMBEDDED MODE: no process_group
> [end]
>
> Regards,
> Mark
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/modwsgi?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
