New Message: httpAuthentication bug?
webmaster at userland.com
webmaster at userland.com
Mon Oct 1 08:56:30 PDT 2001
A new message was posted:
Address: http://frontier.userland.com/discuss/msgReader$8818
By: Per Kreipke (per at onclave.com)
I'm using mainResponder.security.httpAuthentication() to protect an individual page using Digest authentication.
In the function, just after checkRequiredField("uri"), it tests whether or not the URI of the request matches the URI of the protected domain. Which it should of course.
But. It checks to see that the two are equal. Which they aren't if: 1) the URI has arguments 2) the URI points to a child page.
For example, the auth header contains a uri of '/this/that/other.html' but authentication failes if it's a form POST and the URI becomes '/this/that/other.html?arg=foo&arg2=bar'.
Is this right?
Per
This is a Manila site.. http://manila.userland.com/.
More information about the Frontier-Server
mailing list