Newer versions of Apache make some security changes, so Apache, even though you don't think any access control is being applied on the server side, might be blocking it by default (although that should be a 403 rather than 401).

You could try a block like this:

<Location /uri_for/my/app.fcgi>
 Order Allow,Deny
 Allow From All
 Satisfy Any
</Location>

I wrote an article on deploying Starman with Apache in the 2011 Catalyst Advent Calendar, with some errata on my blog. You might want to consider switching, although you would still run afoul of tighter Apache defaults if that is indeed your problem.

On 2013-11-08 15:54, Dan Lowe wrote:
I have begun development of a RESTful API (using
Catalyst::Controller::REST), intending to authenticate with basic HTTP authentication. Using the myproject_server.pl debug server, everything
works fine. I send the GET, an Authorization: and an Accept: header,
and I get a 200 response followed by JSON result.

When I move this from dev to test, which means it goes behind
mod_fastcgi, it stops working. Every request gets back 401
Unauthorized. As far as I can tell, the Authorization header is not
being passed through to Catalyst.

Note that my main interactive application uses HTML form auth and
cookies/sessions, so this is our first use case involving HTTP basic
authentication.

Things I have already tried:

1. Adding "-pass-header Authorization" to the FastCgiExternalServer
parameter in httpd.conf

tcpdump tells me that the "Authorization: Basic xxxxxxx" is being
sent to the server on port 4900, but it never actually gets through to
where my req object can use it, e.g. $c->req->header('Authorization')
is undef.

2. Rewriting the Authorization header as an env var

RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

This turns out not to help because the environment seen by the
fastcgi server is that of the user who started it, not the environment Apache is running in. Dumping the contents of %ENV shows that this env
var is not available to Catalyst.

3. SSLOptions +StdEnvVars

See #2, it sets env vars in the wrong environment.

Has anyone had this problem and knows of some solution? I'm out of
ideas at this point...

Thanks,
Dan


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

