Double WWW-Authentication headers in nginx 0.5.27

Grzegorz Nosek grzegorz.nosek at
Tue Jul 17 00:49:30 MSD 2007


I have noticed that the HTTP auth module can return duplicated
headers. I haven't deeply investigated the issue (don't know nginx
code well enough, but it looks like the code got called again while
processing a subrequest) but the patch below seems to fix it. Standard
disclaimers apply, I don't know what broke :)

Anyway, if the patch is any good, feel free to use it.

Best regards,
 Grzegorz Nosek

diff --git a/src/http/modules/ngx_http_auth_basic_module.c
index 19bfe99..c5e6893 100644
--- a/src/http/modules/ngx_http_auth_basic_module.c
+++ b/src/http/modules/ngx_http_auth_basic_module.c
@@ -304,6 +304,10 @@ ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
 static ngx_int_t
 ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
+    if (r->headers_out.www_authenticate) {
+        return NGX_HTTP_UNAUTHORIZED;
+    }
     r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
     if (r->headers_out.www_authenticate == NULL) {

More information about the nginx mailing list