From fd56556cb74ce99d07e7dfc539293ff38d57f35e Mon Sep 17 00:00:00 2001 From: Vincent Bray Date: Sun, 2 Dec 2007 05:37:53 +0000 Subject: [PATCH] Backport 600245 (AuthDigestQueryStringHack for MSIE7) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@600247 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_auth_digest.xml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index 16fa9312264..61633249f15 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -91,9 +91,9 @@
Working with MS Internet Explorer -

The Digest authentication implementation in current Internet - Explorer for Windows implementations has known issues, namely that - GET requests with a query string are not RFC compliant. +

The Digest authentication implementation in previous Internet + Explorer for Windows versions (5 and 6) had issues, namely that + GET requests with a query string were not RFC compliant. There are a few ways to work around this issue.

@@ -107,13 +107,16 @@ AuthDigestEnableQueryStringHack environment variable. If AuthDigestEnableQueryStringHack is set for the request, Apache will take steps to work around the MSIE bug and - remove the request URI from the digest comparison. Using this + remove the query string from the digest comparison. Using this method would look similar to the following.

Using Digest Authentication with MSIE: BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On +

This workaround is not necessary for MSIE 7, though enabling it does + not cause any compatibility issues or significant overhead.

+

See the BrowserMatch directive for more details on conditionally setting environment variables

-- 2.47.2