[PATCH 18 of 20] Upstream: multiple WWW-Authenticate headers (ticket #485)
Sergey Kandaurov
pluknet at nginx.com
Wed May 11 21:03:37 UTC 2022
On Thu, Apr 21, 2022 at 01:18:58AM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1650492341 -10800
> # Thu Apr 21 01:05:41 2022 +0300
> # Node ID fa9751ffe7723a11159c158078e454671e81cb87
> # Parent 2027b85971d4b8a7e33c018548468057cb57eaf7
> Upstream: multiple WWW-Authenticate headers (ticket #485).
>
> When using proxy_intercept_errors and an error page for error 401
> (Unauthorized), multiple WWW-Authenticate headers from the upstream server
> response are now properly copied to the response.
>
> diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
> --- a/src/http/ngx_http_upstream.c
> +++ b/src/http/ngx_http_upstream.c
> @@ -2647,7 +2647,7 @@ ngx_http_upstream_intercept_errors(ngx_h
> {
> ngx_int_t status;
> ngx_uint_t i;
> - ngx_table_elt_t *h;
> + ngx_table_elt_t *h, *ho, **ph;
> ngx_http_err_page_t *err_page;
> ngx_http_core_loc_conf_t *clcf;
>
> @@ -2676,18 +2676,26 @@ ngx_http_upstream_intercept_errors(ngx_h
> if (status == NGX_HTTP_UNAUTHORIZED
> && u->headers_in.www_authenticate)
> {
> - h = ngx_list_push(&r->headers_out.headers);
> -
> - if (h == NULL) {
> - ngx_http_upstream_finalize_request(r, u,
> + h = u->headers_in.www_authenticate;
> + ph = &r->headers_out.www_authenticate;
> +
> + while (h) {
> + ho = ngx_list_push(&r->headers_out.headers);
> +
> + if (ho == NULL) {
> + ngx_http_upstream_finalize_request(r, u,
> NGX_HTTP_INTERNAL_SERVER_ERROR);
> - return NGX_OK;
> + return NGX_OK;
> + }
> +
> + *ho = *h;
> + ho->next = NULL;
> +
> + *ph = ho;
> + ph = &ho->next;
> +
> + h = h->next;
> }
> -
> - *h = *u->headers_in.www_authenticate;
> - h->next = NULL;
> -
> - r->headers_out.www_authenticate = h;
> }
>
> #if (NGX_HTTP_CACHE)
>
While the patch certainly looks correct,
I'm not sure about usefulness of r->headers_out.www_authenticate.
Is the header accessed directly through this pointer ever?
For read purposes I mean. Header filters seem not.
The only place is in the auth_request module,
but it doesn't seem to make sense in subrequest.
More information about the nginx-devel
mailing list