On Tue, 06 Oct 2009 23:25:35 +0200, Henrik Nordstrom <hen...@henriknordstrom.net> wrote: > ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries: > >> Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth >> header is sent. >> There were a few bugs which got fixed in the 3.1 re-writes and made squid >> start to send it properly. It's broken in 3.0, not sure if its the same >> in >> 2.x but would assume so. The fixes done rely on C++ objects so wont be >> easy >> to port. > > In what ways is 3.0 broken? > > The visible changes I see is that 3.1 only prompts if required by the > FTP server, and that the realm for some reason is changed to also > include the requested server name. 401 basic auth realms are implicit > unique to each servername. (digest auth is a little fuzzier as it may > apply to more domains/servers)
3.0 uses a generic fail() mechanism to send results back. That mechanism seems not to add the Proxy-Auth reply header at all. 3.0 also was only parsing the URL and config file. Popup re-sends contain the auth in headers not URL. 3.1 changed that to an explicit error page+headers generation, and also includes a slightly corrected login parse (you helped get that right). Also altered the login parser to notice the Proxy-Auth request header when sent. FYI: the patches in 3.1 are (in order, since the heavily overlap): http://www.squid-cache.org/Versions/v3/3.1/changesets/b9584.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9627.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9694.patch Amos