]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bcddf94)
document AuthDigestEnableQueryStringHack
authorGeoffrey Young <geoff@apache.org>
Wed, 4 Aug 2004 13:01:42 +0000 (13:01 +0000)
committerGeoffrey Young <geoff@apache.org>
Wed, 4 Aug 2004 13:01:42 +0000 (13:01 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104474 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_auth_digest.xml patch | blob | blame | history

diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml
index b238e58c95186b821f121d4521bb7676fd5d7e71..9e5eb763ad6e6ef6844065fa2c7e564df2bcfdad 100644 (file)
--- a/docs/manual/mod/mod_auth_digest.xml
+++ b/docs/manual/mod/mod_auth_digest.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
-<!-- $Revision: 1.5.2.8 $ -->
+<!-- $Revision: 1.5.2.9 $ -->
 
 <!--
  Copyright 2002-2004 The Apache Software Foundation
@@ -72,7 +72,9 @@
     browsers. As of November 2002, the major browsers that support digest
     authentication are <a href="http://www.opera.com/">Opera</a>, <a
     href="http://www.microsoft.com/windows/ie/">MS Internet
-    Explorer</a> (fails when used with a query string), <a
+    Explorer</a> (fails when used with a query string - see the
+    <directive module="mod_auth_digest">AuthDigestEnableQueryStringHack
+    </directive> option below for a workaround), <a
     href="http://www.w3.org/Amaya/">Amaya</a>, <a
     href="http://www.mozilla.org">Mozilla</a> and <a
     href="http://channels.netscape.com/ns/browsers/download.jsp"
@@ -82,6 +84,36 @@
     </note>
 </section>
 
+<section id="msie"><title>Working with MS Internet Explorer</title>
+    <p>The Digest authentication implementation in current Internet
+    Explorer implementations has known issues, namely that <code><GET</code>
+    requests with a query string are not RFC compliant.  There are a
+    few ways to work around this issue.</p>
+
+    <p>
+    The first way is to use <code>POST</code> requests instead of
+    <code>GET</code> requests to pass data to your program.  This method
+    is the simplest approach if your application can work with this
+    limitation.
+    </p>
+
+    <p>Apache also provides a workaround in the
+    <code>AuthDigestEnableQueryStringHack</code> environment variable.
+    If <code>AuthDigestEnableQueryStringHack</code> is true for the
+    request, Apache will take steps to work around the MSIE bug and
+    remove the request URI from the digest comparison.  Using this
+    method would look similar to the following.</p>
+
+    <example><title>Using Digest Authentication with MSIE:</title>
+    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
+    </example>
+
+    <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
+    directive for more details on conditionally setting environment
+    variables</p>
+</section>
+
+
 <directivesynopsis>
 <name>AuthDigestFile</name>
 <description>Location of the text file containing the list
Mirror of https://github.com/apache/httpd.git