Hi guys, The HTTP Authentication Header "Authorization" is absent from $c->req->headers when running under mod_fastcgi.
In other words, under mod_fastcgi: ok(defined $c->req->header('authorization'), 'HTTP Authorization Header')... fails Whereas the above test passes under mod_perl. I've done some searching and it appears the Authorization header gets stripped out by FastCGI as a "security precaution". The mod_fastcgi docs (http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html) indicate that you can disable this behaviour by adding the following option to the FastCgiServer directive: -pass-header header "The name of an HTTP Request Header to be passed in the request environment. This option makes available the contents of headers which are normally not available (e.g. Authorization) to a CGI environment." However this doesn't seem to work for me (Apache/2.2.3, mod_fastcgi-2.4.6). The end result is that under mod_fastcgi Catalyst::Plugin::Authentication::Credential::HTTP doesn't work (and presumably neither does any other code that tries to do HTTP Basic Authentication). Patrick Donelan _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/