HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_SURROGATE_CAPABILITY
};
+static HttpHeaderMask HopByHopHeadersMask;
static http_hdr_type HopByHopHeadersArr[] =
{
- HDR_CONNECTION, HDR_KEEP_ALIVE, HDR_PROXY_AUTHENTICATE, HDR_PROXY_AUTHORIZATION,
- HDR_TE, HDR_TRAILERS, HDR_TRANSFER_ENCODING, HDR_UPGRADE
+ HDR_CONNECTION, HDR_KEEP_ALIVE, /*HDR_PROXY_AUTHENTICATE,*/ HDR_PROXY_AUTHORIZATION,
+ HDR_TE, HDR_TRAILERS, HDR_TRANSFER_ENCODING, HDR_UPGRADE, HDR_PROXY_CONNECTION
};
/* header accounting */
httpHeaderCalcMask(&RequestHeadersMask, EntityHeadersArr, countof(EntityHeadersArr));
+ httpHeaderCalcMask(&HopByHopHeadersMask, HopByHopHeadersArr, countof(HopByHopHeadersArr));
+
/* init header stats */
assert(HttpHeaderStatCount == hoReply + 1);
{
removeConnectionHeaderEntries();
- int count = countof(HopByHopHeadersArr);
-
- for (int i=0; i<count; i++)
- delById(HopByHopHeadersArr[i]);
-
+ const HttpHeaderEntry *e;
+ HttpHeaderPos pos = HttpHeaderInitPos;
+ int headers_deleted = 0;
+ while ((e = getEntry(&pos))) {
+ int id = e->id;
+ if(CBIT_TEST(HopByHopHeadersMask, id)){
+ delAt(pos, headers_deleted);
+ CBIT_CLR(mask, id);
+ }
+ }
}
void
// end cloning
// remove all hop-by-hop headers from the clone
+ headClone->header.delById(HDR_PROXY_AUTHENTICATE);
headClone->header.removeHopByHopEntries();
// pack polished HTTP header
if (!keep_alive) {
/* drop the connection */
- rep->header.delByName("keep-alive");
request->flags.proxy_keepalive = 0;
}
} else {
case AUTHENTICATE_STATE_FAILED:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
- rep->header.delByName("keep-alive");
request->flags.proxy_keepalive = 0;
/* fall through */
hdr->delById(HDR_ETAG);
#endif
- // TODO: Should ESIInclude.cc that calls removeConnectionHeaderEntries
- // also delete HDR_PROXY_CONNECTION and HDR_KEEP_ALIVE like we do below?
-
- // XXX: Should HDR_PROXY_CONNECTION by studied instead of HDR_CONNECTION?
- // httpHeaderHasConnDir does that but we do not. Is this is a bug?
- hdr->delById(HDR_PROXY_CONNECTION);
- /* here: Keep-Alive is a field-name, not a connection directive! */
- hdr->delById(HDR_KEEP_ALIVE);
- /* remove Set-Cookie if a hit */
-
if (is_hit)
hdr->delById(HDR_SET_COOKIE);
+ // if there is not configured a peer proxy with login=PASS option enabled
+ // remove the Proxy-Authenticate header
+ if ( !(request->peer_login && strcmp(request->peer_login,"PASS") ==0))
+ reply->header.delById(HDR_PROXY_AUTHENTICATE);
+
reply->header.removeHopByHopEntries();
// if (request->range)
}
/* Filter unproxyable authentication types */
+
if (http->logType != LOG_TCP_DENIED &&
- (hdr->has(HDR_WWW_AUTHENTICATE) || hdr->has(HDR_PROXY_AUTHENTICATE))) {
+ (hdr->has(HDR_WWW_AUTHENTICATE) || hdr->has(HDR_PROXY_AUTHENTICATE))) {
HttpHeaderPos pos = HttpHeaderInitPos;
HttpHeaderEntry *e;
}
/* Handle authentication headers */
- if (request->auth_user_request)
+ if(http->logType == LOG_TCP_DENIED &&
+ ( reply->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED ||
+ reply->sline.status == HTTP_UNAUTHORIZED)
+ ){
+ /* Add authentication header */
+ /*! \todo alter errorstate to be accel on|off aware. The 0 on the next line
+ * depends on authenticate behaviour: all schemes to date send no extra
+ * data on 407/401 responses, and do not check the accel state on 401/407
+ * responses
+ */
+ authenticateFixHeader(reply, request->auth_user_request, request, 0, 1);
+ }
+ else if (request->auth_user_request)
authenticateFixHeader(reply, request->auth_user_request, request,
http->flags.accel, 0);
entry->lock();
entry->buffer();
rep = errorBuildReply(err);
- /* Add authentication header */
- /*! \todo alter errorstate to be accel on|off aware. The 0 on the next line
- * depends on authenticate behaviour: all schemes to date send no extra
- * data on 407/401 responses, and do not check the accel state on 401/407
- * responses
- */
- authenticateFixHeader(rep, err->auth_user_request, err->request, 0, 1);
entry->replaceHttpReply(rep);
EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
entry->flush();
projects / thirdparty / squid.git / commitdiff
