https://issues.apache.org/bugzilla/show_bug.cgi?id=53692
--- Comment #2 from David Mansfield <[email protected]> --- In contrary to the findings in the original entry, I have found the POST data is lost irrespective of the form encoding. I have created a test case which I will attach. formauth.conf => place in /etc/httpd/conf.d or equiv start.html => place in /var/www/form_auth_test as per conf login.shtml => ditto (to activate this change the ErrorDocument in conf) login.cgi => place in /var/www/form_auth_test_cgi as per conf Here are some comments regarding the test case: In this example I will show that by the time the ErrorDocument for 401 is invoked (which is the way "inline authentication with body preservation" works), that the POST body has been discarded and the request has been converted from POST to GET (these are probably related). So in this example there is a page /start.html which is NOT within the "private" area of the site. It has a simple form which gets POSTed to /private/target.html (which doesn't need to exist because we fail before it's relevant). The authentication hook intercepts the POST, and the mod_auth_form throws a 401, which is handled with the ErrorDocument 401 /cgi-bin/login.cgi (or /login.shtml) When login.cgi runs there is no POST data on STDIN and REQUEST_METHOD is always GET. BTW, I have also tried using ErrorDocument 401 /login.shtml (via mod_include) but the result is the same. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
