[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-09 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

--- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com ---
By the way, a workaround was implemented in r1429124.
It will be included in 7.0.35 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-07 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

--- Comment #4 from Johan Borchers jborch...@crimsonwing.com ---
OK, thanks for clearing the problem.
The problem is who is doing something to solve the problem. If I manage to
report a bug to Apple or Microsoft, will it be fixed? And if so, in what time
frame?
How can I see that Safari is sending back the qop value as a quoted string and
not as a token?
I do use Live HTTP Headers in Firefox, but Safari??




[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-07 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

--- Comment #5 from Johan Borchers jborch...@crimsonwing.com ---
Reported the bug to Apple for Safari : Problem ID: 12964948




[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-04 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

Johan Borchers jborch...@crimsonwing.com changed:

   What       |Removed   |Added
   -----------+----------+----------
   OS         |          |All

--- Comment #1 from Johan Borchers jborch...@crimsonwing.com ---
Versions 7.0.30 and 7.0.32 are working fine with the same configuration.
Safari can login with DIGEST authentication.

Version 7.0.33 is not working anymore and has the same problem as described for
version 7.0.34.




[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-04 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

--- Comment #2 from Mark Thomas ma...@apache.org ---
The likely suspect is the new lightweight HTTP header parser that we switched
to in 7.0.33. The question at the moment is whether it is the parser or the
client that is non-spec compliant.




[Bug 54372] Digest Authentication fails on Safari and IE8/9

2013-01-04 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54372

Mark Thomas ma...@apache.org changed:

   What       |Removed   |Added
   -----------+----------+----------
   Status     |NEW       |RESOLVED
   Resolution |---       |INVALID

--- Comment #3 from Mark Thomas ma...@apache.org ---
IE8 is not compliant with RFC2617 so the authentication request is rejected.
The browser is adding quotes to the qop field which is meant to be a token (and
hence not quoted). Tomcat is rejecting this malformed request. You need to
raise a bug with Microsoft to get that fixed.

I suspect IE9 has the same problem.

Safari is also adding quotes to the qop field. You'll need to raise a bug with
Apple to get that fixed.

It seems the browser developers were confusing the server qop field (which is a
quoted, comma-separated list of tokens) with the browser qop field which is a
token (i.e. not quoted).

Web servers are encouraged to be tolerant of misbehaving clients where they
can. I'll see if there is a way this invalid header can be safely (since this
is security related) parsed.

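
The qop distinction discussed in comments #3 and #4, as an added Python example that is not Tomcat's code, not the r1429124 change, and not from anyone in this thread: it parses a Digest `Authorization` value, records whether each parameter arrived as a token or as a quoted-string, and applies a strict or tolerant check to `qop`. The function names, the sample headers (constructed, not captured from any browser) and the tolerant policy of accepting a quoted value only when its content is exactly `auth` or `auth-int` are assumptions made for illustration.

```python
import re

# RFC 2616 token characters (no CTLs, no separators).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# name = token | quoted-string, followed by a comma or end of input.
PARAM = re.compile(r"\s*(" + TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(' + TOKEN + r"))\s*(?:,|$)")
# Assumption: only the two qop values RFC 2617 names are supported.
KNOWN_QOP = {"auth", "auth-int"}

# Constructed sample request headers (not captured from any browser).
BASE = ('Digest username="user", realm="Example", nonce="abc123", uri="/app/", '
        'response="0123456789abcdef0123456789abcdef", nc=00000001, cnonce="xyz", ')
COMPLIANT = BASE + "qop=auth"               # token, as RFC 2617 requires
QUOTED = BASE + 'qop="auth"'                # the client behaviour from comment #3
QUOTED_LIST = BASE + 'qop="auth,auth-int"'  # server-style list echoed back


def parse_digest(header):
    """Return {name: (value, was_quoted)} for a Digest Authorization value."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    params, pos = {}, 0
    while pos < len(rest):
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed parameter at offset %d" % pos)
        name, quoted, token = m.group(1).lower(), m.group(2), m.group(3)
        if name in params:
            raise ValueError("duplicate parameter: " + name)
        # Undo backslash escapes only for quoted-strings.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        params[name] = (value, quoted is not None)
        pos = m.end()
    return params


def check_qop(header, tolerant=False):
    """Return (accepted, reason) for the qop field of a Digest request."""
    value, was_quoted = parse_digest(header).get("qop", (None, False))
    if value is None:
        return True, "no qop sent"
    if value not in KNOWN_QOP:
        return False, "unsupported qop value"  # includes quoted lists
    if not was_quoted:
        return True, "qop is a token"
    return tolerant, "qop sent as quoted-string"
```

Running `check_qop` on an `Authorization` value copied from a proxy or server-side request log shows whether a given client sends `qop` quoted, which is the check asked about in comment #4.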