Bug 64481 - [mod_auth_form] Incorrect documentation example of inline form
Summary: [mod_auth_form] Incorrect documentation example of inline form
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.5-HEAD
Hardware: PC Mac OS X 10.1
: P2 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-29 13:50 UTC by Brian Candler
Modified: 2020-05-29 13:50 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Candler 2020-05-29 13:50:42 UTC 
At these URLs
https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html#inline
https://httpd.apache.org/docs/trunk/mod/mod_auth_form.html#inline
they give the following example:

(Basic inline example)
AuthFormProvider file
ErrorDocument 401 "/login.shtml"
AuthUserFile "conf/passwd"
AuthType form
AuthName /admin
AuthFormLoginRequiredLocation "http://example.com/login.html"  <<<< NOTE
Session On
SessionCookieName session path=/


Based on testing, the AuthFormLoginRequiredLocation line needs to be removed.  That is also consistent with the previous description which says:

"If a non-authenticated user attempts to access a page protected by mod_auth_form <<<that isn't configured with a AuthFormLoginRequiredLocation directive>>>, a HTTP_UNAUTHORIZED status code is returned to the browser indicating to the user that they are not authorized to view the page."

(<<< emphasis mine >>>)