Posted by LacaK on 03/18/05 16:24

Hello,

When I try to use "HTTP Digest Authorization" using code like :

Header( "HTTP/1.0 401 Unauthorized");
Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\",
opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\"");

browser returns in HTTP request Authorization header like this one :
Digest username="lacak", realm="www.myrealm.com", qop="auth",
algorithm="MD5", uri="/devel/phpinfo.php",
nonce="5e8ac9b033001458fc5380d8a88325a2", nc=00000004,
cnonce="c9495e4af19fa6b08eb045f32e6ced79",
response="fbd8f86b45334202b2cac380f29d9706"

When PHP runs as apache module with safe_mode=off

I can read this header using apache_request_headers() function

But when safe_mode=On,
then apache_request_headers() returns no Authorization (this is documented
behavior)

Is this bug or exists other way how access Authorization header ?
Can anyone help ?
How to report this to php developers, to fix this problem ?

Thank you
LacaK.

• Next in thread: Re: [PHP] Authorization header is missing from apache_request_headers() array
• Next in forum: Memory exhausted message wrong
• Prev in forum: Re: [PHP] sessioncookies?
• Thread view: Authorization header is missing from apache_request_headers() array

[Reply to this message]