2011年2月1日星期二

Re: auth_request, HTTP 401 and missing header WWW-Authenticate

Hello!

On Tue, Feb 01, 2011 at 03:09:07PM +0000, Pavel Kolla wrote:

[...]

> I can see from source code for auth_request that it should produce "WWW-
> Authenticate" headers, however it never does for me... would really appreciate
> any suggestions helping me to resolve this.
> Thanks in advance.

Auth request module shouldn't produce WWW-Authenticate header by
itself. Instead, you should return WWW-Authenticate header with 401 reply
from your auth backend, auth_request will pass it to client.

This is explicitly documented, see here:

http://mdounin.ru/hg/ngx_http_auth_request_module/file/a29d74804ff1/README#l7

(and this is the only way how it may work, as auth request
module doesn't know anything about authentication mechanism
used)

It may not be trivial to add such header within nginx itself
though, as add_header a) doesn't work on subrequests and b)
doesn't work on 401 replies.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

没有评论:

发表评论