From: Joe Orton Date: Mon, 6 Jul 2026 12:52:41 +0000 (+0000) Subject: * modules/aaa/mod_auth_digest.c (add_auth_info): Don't add X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4e4c7fb9379de42118643f354f241aac6dcf3f76;p=thirdparty%2Fapache%2Fhttpd.git * modules/aaa/mod_auth_digest.c (add_auth_info): Don't add (Proxy-)Authentication-Info headers to 401/407 responses. GitHub: PR #661 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1935954 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index c18c4b55fd..cef5574d28 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -1650,8 +1650,14 @@ static int add_auth_info(request_rec *r) return OK; } - /* setup nextnonce - */ + /* Don't add Authentication-Info for 401/407 responses. */ + if (apr_table_get(r->err_headers_out, + (r->proxyreq == PROXYREQ_PROXY) + ? "Proxy-Authenticate" : "WWW-Authenticate")) { + return OK; + } + + /* Set up nextnonce for one-time-nonces and expiring-nonce cases. */ if (conf->nonce_lifetime > 0) { /* send nextnonce if current nonce will expire in less than 30 secs */ if ((r->request_time - resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) {