+1 ! Dw.
On Tue, 3 Aug 2004, Paul Querna wrote: > On Tue, 2004-08-03 at 15:22 -0400, Geoffrey Young wrote: > > hmm, I guess this fell off the collective radar. > > > > any comments? otherwise, I guess it's good enough and I'll just commit it > > to both 2.0 and 2.1. > > Looks good to me. > > -Paul Querna > > > > Geoffrey Young wrote: > > > > > > [EMAIL PROTECTED] wrote: > > > > > >>pquerna 2004/07/10 00:47:23 > > >> > > >> Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS > > >> modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c > > >> Log: > > >> Backport of AuthDigestEnableQueryStringHack > > >> Needs a doc update to explain what it does. > > > > > > > > > something like the attached? corrections, tweaks, or other feedback welcome. > > > > > > --Geoff > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > Index: mod_auth_digest.xml > > > =================================================================== > > > RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_digest.xml,v > > > retrieving revision 1.5.2.8 > > > diff -u -r1.5.2.8 mod_auth_digest.xml > > > --- mod_auth_digest.xml 17 Apr 2004 18:43:37 -0000 1.5.2.8 > > > +++ mod_auth_digest.xml 12 Jul 2004 14:16:11 -0000 > > > @@ -72,7 +72,9 @@ > > > browsers. As of November 2002, the major browsers that support digest > > > authentication are <a href="http://www.opera.com/";>Opera</a>, <a > > > href="http://www.microsoft.com/windows/ie/";>MS Internet > > > - Explorer</a> (fails when used with a query string), <a > > > + Explorer</a> (fails when used with a query string - see the > > > + <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack > > > + </directive> option below for a workaround), <a > > > href="http://www.w3.org/Amaya/";>Amaya</a>, <a > > > href="http://www.mozilla.org";>Mozilla</a> and <a > > > href="http://channels.netscape.com/ns/browsers/download.jsp"; > > > @@ -81,6 +83,36 @@ > > > in controlled environments.</p> > > > </note> > > > </section> > > > + > > > +<section id="msie"><title>Working with MS Internet Explorer</title> > > > + <p>The Digest authentication implementation in current Internet > > > + Explorer implementations has known issues, namely that <code><GET</code> > > > + requests with a query string are not RFC compliant. There are a > > > + few ways to work around this issue.</p> > > > + > > > + <p> > > > + The first way is to use <code>POST</code> requests instead of > > > + <code>GET</code> requests to pass data to your program. This method > > > + is the simplest approach if your application can work with this > > > + limitation. > > > + </p> > > > + > > > + <p>Apache also provides a workaround in the > > > + <code>AuthDigestEnableQueryStringHack</code> environment variable. > > > + If <code>AuthDigestEnableQueryStringHack</code> is true for the > > > + request, Apache will take steps to work around the MSIE bug and > > > + remove the request URI from the digest comparison. Using this > > > + method would look like similar to the following.</p> > > > + > > > + <example><title>Using Digest Authentication with MSIE:</title> > > > + BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On > > > + </example> > > > + > > > + <p>See the <directive module="mod_setenvif">BrowserMatch</directive> > > > + directive for more details on conditionally setting environment > > > + variables</p> > > > +</section> > > > + > > > > > > <directivesynopsis> > > > <name>AuthDigestFile</name> >
