Created http://trac.nginx.org/nginx/ticket/485#ticket to track this.
Thanks! On Mon, Jan 13, 2014 at 9:08 PM, Maxim Dounin <mdou...@mdounin.ru> wrote: > Hello! > > On Sat, Jan 11, 2014 at 10:28:52PM +0530, Fasih wrote: > > > Yes, that's how I noticed it. I am using nginx as a reverse proxy. The > > upstream sends two WWW-Authenticate headers with different realms. I was > > processing www_authenticate header and hadnt realized that it was legal > to > > send multiple WWW-Authenticate headers. > > Looks like there are indeed valid real-world uses, see e.g. here: > > http://stackoverflow.com/a/15894841/1597813 > > I don't think we want to change www_authenticate to ngx_array_t, > but it certainly counts as another case requiring better support > for multiple headers, much like with $upstream_http_set_cookie and > multiple Set-Cookie headers, and so on. > > > > > On Fri, Jan 10, 2014 at 7:19 PM, Maxim Dounin <mdou...@mdounin.ru> > wrote: > > > > > Hello! > > > > > > On Fri, Jan 10, 2014 at 05:42:23PM +0530, Fasih wrote: > > > > > > > Hi > > > > > > > > RFC allows a server to respond with multiple WWW-Authenticate header > ( > > > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47). > > > > > > > > "User agents are advised to take special care in parsing the WWW- > > > > Authenticate field value as it might contain more than one > challenge, or > > > if > > > > more than one WWW-Authenticate header field is provided, the > contents of > > > a > > > > challenge itself can contain a comma-separated list of authentication > > > > parameters." > > > > > > > > However nginx defines WWW-Authenticate header as an ngx_table_elt_t > in > > > > the ngx_http_headers_out_t struct as opposed to an ngx_array_t like > other > > > > allowed repeated value headers. > > > > > > > > Is this a bug that I should file? > > > > > > Have you seen this to be a problem in real life? > > > > > > -- > > > Maxim Dounin > > > http://nginx.org/ > > > > > > _______________________________________________ > > > nginx-devel mailing list > > > nginx-devel@nginx.org > > > http://mailman.nginx.org/mailman/listinfo/nginx-devel > > > > > > _______________________________________________ > > nginx-devel mailing list > > nginx-devel@nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx-devel > > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel >
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
