From: Vincent Bray Date: Sun, 2 Dec 2007 05:37:53 +0000 (+0000) Subject: Backport 600245 (AuthDigestQueryStringHack for MSIE7) X-Git-Tag: 2.2.7~166 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd56556cb74ce99d07e7dfc539293ff38d57f35e;p=thirdparty%2Fapache%2Fhttpd.git Backport 600245 (AuthDigestQueryStringHack for MSIE7) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@600247 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index 16fa9312264..61633249f15 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -91,9 +91,9 @@
Working with MS Internet Explorer -

The Digest authentication implementation in current Internet - Explorer for Windows implementations has known issues, namely that - GET requests with a query string are not RFC compliant. +

The Digest authentication implementation in previous Internet + Explorer for Windows versions (5 and 6) had issues, namely that + GET requests with a query string were not RFC compliant. There are a few ways to work around this issue.

@@ -107,13 +107,16 @@ AuthDigestEnableQueryStringHack environment variable. If AuthDigestEnableQueryStringHack is set for the request, Apache will take steps to work around the MSIE bug and - remove the request URI from the digest comparison. Using this + remove the query string from the digest comparison. Using this method would look similar to the following.

Using Digest Authentication with MSIE: BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On +

This workaround is not necessary for MSIE 7, though enabling it does + not cause any compatibility issues or significant overhead.

+

See the BrowserMatch directive for more details on conditionally setting environment variables