The WWW-Authenticate header is being dropped from responses sent by
mod_proxy in reverse proxy mode, when the original server's response
was chunked.
The problem appears to be in ap_http_header_filter() in
modules/http/http_protocol.c, where we have:
if (r->status == HTTP_NOT_MODIFIED) {
apr_table_do((int (*)(void *, const char *, const char *))
form_header_field,
(void *) &h, r->headers_out,
"Connection",
"Keep-Alive",
"ETag",
"Content-Location",
"Expires",
"Cache-Control",
"Vary",
"Warning",
"WWW-Authenticate",
"Proxy-Authenticate",
NULL);
}
else {
apr_table_do((int (*) (void *, const char *, const char *))
form_header_field,
(void *) &h, r->headers_out, NULL);
}
I would think that in the else case at least the WWW-Authenticate
header should be handled. Are there other headers that should also be
handled here?
