[EMAIL PROTECTED] writes: > I'm using python 2.2 (hopefully we'll be upgrading our system to 2.3 > soon) and I'm trying to prototype some xml-rpc via cgi functionality. > If I override the Transport class on the xmlrpclib client and add some > random header like "Junk", then when I have my xmlrpc server log it's > environment when running, I see the HTTP_JUNK header. If I do this > with AUTHORIZATION, the header is not found. > > Does this ring a bell for anyone? Am I misunderstanding how to use > this header? I'm guessing that Apache might be eating this header, but > I don't know why.
By default, Apache does eat that. It's a compile time default; the Apache developers think it's a security hole. Here's a note about it: http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html >From what I can see, this is still true in Apache 2. -- |>|\/|< /--------------------------------------------------------------------------\ |David M. Cooke |cookedm(at)physics(dot)mcmaster(dot)ca -- http://mail.python.org/mailman/listinfo/python-list
