| Summary: | No WWW-Authenticate header returned in 401 message | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Christopher M. Tan <christ> |
| Component: | mod_dav | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | normal | | |
| Priority: | P3 | | |
| Version: | 2.0.40 | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | other | | |

Description
Christopher M. Tan
2002-12-20 15:10:35 UTC
It would certainly be helpful if you could try this with a more recent version of apache. 2.0.41-dev is quite old.

No response from submitter. Assuming issue is resolved.

This is a real bug, there's a fix in the mod_dav 1.0 tree which can be ported over.

I suspect that the fix below is what is needed. I haven't found the mod_dav 1.0 change yet, but I found this change entry:

"if a lock fails due to authentication problems, return a 403 (Forbidden) rather than 401 (Unauthorized). this fixes an HTTP conformance issue where we returned 401 but no WWW-Authenticate response header. (Joe Orton)"

I'm guessing this is Joe's fix... patch to 2.0's mod_dav:

Index: util.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/dav/main/util.c,v retrieving revision 1.48 diff -u -r1.48 util.c --- util.c 22 Apr 2003 21:52:46 -0000 1.48 +++ util.c 11 Nov 2003 21:30:58 -0000 @@ -1212,7 +1212,7 @@ "\" submitted a locktoken created " "by user \"", lock->auth_user, "\".", NULL); - return dav_new_error(p, HTTP_UNAUTHORIZED, 0, errmsg); + return dav_new_error(p, HTTP_FORBIDDEN, 0, errmsg); } /*

The fix I used was to copy over the www-auth header from the subrequest to the main request, I can dig it out...

Committed to HEAD, proposed to backport to 2.0: http://cvs.apache.org/viewcvs/httpd-2.0/modules/dav/main/mod_dav.c.diff?r1=1.100&r2=1.101

Thanks for the report.
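
Review bot: the changed return in the util.c hunk (@@ -1212) should carry a one-line comment saying why HTTP_FORBIDDEN is used, for example that no challenge is issued on this path and a 401 would go out without WWW-Authenticate; without it the status is likely to be switched back later. Two things to confirm before the backport: errmsg still embeds lock->auth_user, so if that string reaches the response body a refused client learns the lock owner's user name; and the commit linked later in the thread is a diff to mod_dav.c, not util.c, so it is worth checking that this call site is the one that produced the reported 401.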