| Summary: | mod_headers doesn't edit WWW-Authentication from mod_auth_basic | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Roland Reichwein <rr> |
| Component: | mod_headers | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | NEW --- | | |
| Severity: | normal | CC: | paolo.dipatria |
| Priority: | P2 | Keywords: | FixedInTrunk |
| Version: | 2.5-HEAD | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Attachments: | Fix for editing headers from mod_auth_basic in mod_headers | | |
Description
Roland Reichwein
2018-01-20 08:11:55 UTC
Hi Roland, thanks a lot for the report. I reproduced with the basic config outlined in the stack-overflow post and the latest 2.4.x version of the code. gdb shows me:

```
Thread 6 "httpd" hit Breakpoint 1, ap_headers_error_filter (f=0x7fffc4007698, in=0x7fffc4007830) at mod_headers.c:906
906	    do_headers_fixup(f->r, f->r->err_headers_out, dirconf->fixup_err, 0);
(gdb) dump_table f->r->err_headers_out
(gdb) dump_table f->r->headers_out
[0] 'WWW-Authenticate'='Basic realm="abcdef"' [0x7fffc4007658]
```

Header always should only add/modify/etc. the err_headers_out list, not the headers_out one, so mod_headers seems to work as intended. The main issue that I am seeing is related to the WWW-Authenticate header, that should not be in headers_out.

Also very interesting that with trunk I get the correct result:

```
# curl localhost/session/test -i
HTTP/1.1 401 Unauthorized
Date: Mon, 22 Oct 2018 07:35:07 GMT
Server: Apache/2.5.1-dev (Unix) OpenSSL/1.1.0f
HelloHello: Blupp
WWW-Authenticate: SR_Basic realm="abcdef"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1
```

and gdb tells me that mod_headers gets WWW-Authenticate in err_headers_out, as expected.

I re-tested 2.4.x with http://svn.apache.org/r1832092 and it seems to work fine, can you test, Roland, if you still have patience/time?
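
The table mismatch described in the comment above, as an added C sketch that is not part of the bug report and not httpd code: it models `headers_out` and `err_headers_out` as two small tables and applies an edit only to `err_headers_out`, the scope the comment gives for `Header always`. The types and the functions `table_set`, `table_get`, `edit_scheme` and `respond_401` are hypothetical, the `Basic` to `SR_Basic` rewrite is inferred from the curl output, and the 401 is assumed to send the header from whichever table holds it.

```c
/* Simplified model of the two response header tables; not httpd source. */
#include <stdio.h>
#include <string.h>
#define MAX_HDRS 8
#define VAL_LEN 96
typedef struct { char name[32]; char value[VAL_LEN]; } header;
typedef struct { header h[MAX_HDRS]; int n; } table;
typedef struct { table headers_out; table err_headers_out; } request;

static void table_set(table *t, const char *name, const char *value) {
    if (t->n >= MAX_HDRS) return;
    snprintf(t->h[t->n].name, sizeof t->h[t->n].name, "%s", name);
    snprintf(t->h[t->n].value, sizeof t->h[t->n].value, "%s", value);
    t->n++;
}

static char *table_get(table *t, const char *name) {
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->h[i].name, name) == 0) return t->h[i].value;
    return NULL;
}

/* Stand-in for an "edit" action scoped to ONE table: rewrite a leading
 * "Basic " to "SR_Basic ". Returns 1 if a header was changed, else 0. */
static int edit_scheme(table *t, const char *name) {
    char *v = table_get(t, name);
    size_t len = v ? strlen(v) : 0;
    if (!v || strncmp(v, "Basic ", 6) != 0 || len + 4 > VAL_LEN) return 0;
    memmove(v + 3, v, len + 1);   /* make room, keeping the terminating NUL */
    memcpy(v, "SR_", 3);
    return 1;
}

/* challenge_in_err = 0: challenge sits in headers_out (the 2.4.x gdb dump).
 * challenge_in_err = 1: it sits in err_headers_out (the trunk observation).
 * Returns the WWW-Authenticate value the modelled 401 would carry. */
const char *respond_401(request *r, int challenge_in_err) {
    memset(r, 0, sizeof *r);
    table_set(challenge_in_err ? &r->err_headers_out : &r->headers_out,
              "WWW-Authenticate", "Basic realm=\"abcdef\"");
    edit_scheme(&r->err_headers_out, "WWW-Authenticate"); /* "always" scope */
    char *v = table_get(&r->err_headers_out, "WWW-Authenticate");
    return v ? v : table_get(&r->headers_out, "WWW-Authenticate");
}

int main(void) {
    request r;
    printf("2.4.x model: %s\n", respond_401(&r, 0));
    printf("trunk model: %s\n", respond_401(&r, 1));
    return 0;
}
```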