Re: Apache 1.3 and quoted AuthName strings

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Gisle Aas: "Re: Post to https"
• Previous message: jianzhong ding: "Post to https"

[ Gisle Aas writes: ]
> 
> Dave Wolfe <dwolfe@risc.sps.mot.com> writes:
> 
> > A web site I access via LWP has updated their Apache server to 1.3
> > (beta 4?) and because of that apparently had to quote all AuthName

Actually beta 3, but the same thing happens on my 1.2.4.

> > strings that contained spaces, like so:
> > 
> >     AuthName "My Auth Scheme"
> > 
> > The problem is that now the header comes back looking like:
> > 
> >     Www-authenticate: Basic realm=""My Auth Scheme""
> > 
> > (Note the doubled quotes.) Although it's obviously Apache's problem,
> > it doesn't seem to bother NS (4.03) or IE (4.01) browsers, but it
> > keeps LWP::UserAgent::request() (5.14) from recognizing the realm (OK,
> > it thinks it has a null realm). I grabbed 5.20 and checked it -- new
> > implementation, same problem. Any words of wisdom, other than change the
> > realm to not have spaces and thus not be enquoted?
> 
> Since this is a badly formatted header I think it is reasonable for
> LWP to misparse it.

No argument there. A little further research shows that NS sees it as:

    "My Auth Scheme

i.e. the 2nd quote as part of the name. IE thinks it's a null realm,
just like LWP. Strangely enough,

    AuthName ""

comes back as:

    """

in NS and null as expected in IE.

No patch suggestions from me, I think Apache (and NS) are broken and the
Apache developers agree.

-- 
 Dave Wolfe

• Next message: Gisle Aas: "Re: Post to https"
• Previous message: jianzhong ding: "Post to https"