Re: Mod_auth_digest URI Mismatch
Andr Malo wrote:
* Rob Emanuele wrote:
Any suggestions for a workaround?
forms: use POST
simple URLs: use mod_rewrite or something to provide the browser a URL
without query strings.
(client-side: use another browser ;-)
Or, if you really really want to touch only Apache, and are willing to
take the responsibility, do the following VERY CAREFULLY:
off the record
patch mod_auth_digest.c:
d_uri.path[0] == '*' d_uri.path[1] == '\0'))
+ #ifdef NOT_FOR_ME
/* check that query matches */
|| (d_uri.query != r_uri.query
(!d_uri.query || !r_uri.query
|| strcmp(d_uri.query, r_uri.query)))
+ #endif
) {
/off the record
And remember: you haven't heard it from me! ;-)
--
Eli Marmor
[EMAIL PROTECTED]
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__
Tel.: +972-9-766-1020 8 Yad-Harutzim St.
Fax.: +972-9-766-1314 P.O.B. 7004
Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: Mod_auth_digest URI Mismatch
* Rob Emanuele wrote:
When using IE 6.0.2600 or the WinInet API which uses IE to retrieve data
from a cgi that has params in the get request I get an error:
Digest: uri mismatch - /cgi%2Dbin/get_age.pl does not match
request-uri /cgi%2Dbin/get_age.pl?data=foo
Is this a bug in the mod_auth_digest or in the way IE6 generates
responses to a digest challenge?
It's a bug in IE, see also the note at
http://httpd.apache.org/docs-2.0/mod/mod_auth_digest.html#using
If I look at the packets going across
the wire the Autorization header definitely says
uri=/cgi%2Dbin/get_age.pl.
yes, that's the bug. The query string lacks.
nd
--
my @japh = (sub{q~Just~},sub{q~Another~},sub{q~Perl~},sub{q~Hacker~});
my $japh = q[sub japh { }]; print join #
[ $japh =~ /{(.)}/] - [0] = map $_ - () #André Malo #
= @japh;# http://www.perlig.de/ #
RE: Mod_auth_digest URI Mismatch
Thanks. I found that too. Is this listed anywhere in Microsoft's
Knowledge Base?
Any suggestions for a workaround?
Praying for a hotfix,
Rob
-Original Message-
From: André Malo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 17, 2002 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Mod_auth_digest URI Mismatch
* Rob Emanuele wrote:
When using IE 6.0.2600 or the WinInet API which uses IE to retrieve
data from a cgi that has params in the get request I get an error:
Digest: uri mismatch - /cgi%2Dbin/get_age.pl does not match
request-uri /cgi%2Dbin/get_age.pl?data=foo
Is this a bug in the mod_auth_digest or in the way IE6 generates
responses to a digest challenge?
It's a bug in IE, see also the note at
http://httpd.apache.org/docs-2.0/mod/mod_auth_digest.html#using
If I look at the packets going across
the wire the Autorization header definitely says
uri=/cgi%2Dbin/get_age.pl.
yes, that's the bug. The query string lacks.
nd
--
my @japh = (sub{q~Just~},sub{q~Another~},sub{q~Perl~},sub{q~Hacker~});
my $japh = q[sub japh { }]; print join #
[ $japh =~ /{(.)}/] - [0] = map $_ - () #André Malo #
= @japh;# http://www.perlig.de/ #
Re: Mod_auth_digest URI Mismatch
* Rob Emanuele wrote: Thanks. I found that too. Is this listed anywhere in Microsoft's Knowledge Base? hmm, don't know. Didn't find anything there. Any suggestions for a workaround? forms: use POST simple URLs: use mod_rewrite or something to provide the browser a URL without query strings. (client-side: use another browser ;-) nd -- Real programmers confuse Christmas and Halloween because DEC 25 = OCT 31. -- Unknown (found in ssl_engine_mutex.c)
