Double WWW-Authentication headers in nginx 0.5.27
Grzegorz Nosek
grzegorz.nosek at gmail.com
Tue Jul 17 00:49:30 MSD 2007
Hello,
I have noticed that the HTTP auth module can return duplicated
headers. I haven't deeply investigated the issue (don't know nginx
code well enough, but it looks like the code got called again while
processing a subrequest) but the patch below seems to fix it. Standard
disclaimers apply, I don't know what broke :)
Anyway, if the patch is any good, feel free to use it.
Best regards,
Grzegorz Nosek
diff --git a/src/http/modules/ngx_http_auth_basic_module.c
b/src/http/modules/ngx_http_auth_basic_module.c
index 19bfe99..c5e6893 100644
--- a/src/http/modules/ngx_http_auth_basic_module.c
+++ b/src/http/modules/ngx_http_auth_basic_module.c
@@ -304,6 +304,10 @@ ngx_http_auth_basic_crypt_handler(ngx_http_request_t *r,
static ngx_int_t
ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
{
+ if (r->headers_out.www_authenticate) {
+ return NGX_HTTP_UNAUTHORIZED;
+ }
+
r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers);
if (r->headers_out.www_authenticate == NULL) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
More information about the nginx
mailing list