Subject: LWP should recalculate digest auth after redirects
Scenario
1) client requests / on secure.example.org port 80
2) server replies HTTP/1.1 301 Moved Permanently Location:
http://secure.example/Team
3) client requests /Team
4) server replies with 401 challenge (digest auth)
5) client requests /Team again, with auth
6) server replies HTTP/1.1 301 Moved Permanently Location:
http://secure.example/Team/
7) client requests /Team/, with same auth headers
However, the digest authentication response is calculated based (among
other things) on the requested URI, so the responses for /Team and /Team/
are different.
Running
% GET -uUsSx http://secure.example.org/Team
returns
[...]
GET http://secure.example.org/Team/
Authorization: Digest username="myusername", realm="REALMNAME",
qop="auth", algorithm="MD5", uri="/Team", nonce=[...]
and so...
8) server says "thanks, but no thanks". 400 Bad Request
logs say:
[Mon Jan 22 01:16:12 2007] [error] [client 133.27.228.213] Digest: uri
mismatch - </Team> does not match request-uri </Team/>
LWP (and, I suppose, LWP::Authen::Digest) should calculate the digest
based on the new URI after a redirect.
---- System info ----
LWP 5.805
perl v5.8.6 built for darwin-thread-multi-2level
Darwin 8.8.0 Darwin Kernel Version 8.8.0: Fri Sep 8 17:18:57 PDT 2006;
root:xnu-792.12.6.obj~1/RELEASE_PPC Power Macintosh powerpc
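
An added example, not part of the original report and not LWP's code: a Python sketch of the RFC 2617 qop="auth" calculation, showing why the header computed for /Team is rejected at /Team/ and why rewriting only the uri field is not enough. The password, nonce, nc and cnonce are constructed values, and server_check is a hypothetical helper that mirrors only the uri comparison reported in the log line above.

```python
import hashlib
import hmac

# Constructed sample values; username and realm are the ones shown in the report.
USER, REALM, PASSWORD = "myusername", "REALMNAME", "example-password"
NONCE, NC, CNONCE, QOP = "constructed-nonce", "00000001", "constructed-cnonce", "auth"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(method, uri, password=PASSWORD):
    """RFC 2617 request-digest for qop="auth", algorithm="MD5"."""
    ha1 = md5_hex(f"{USER}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # the URI is hashed into the response
    return md5_hex(f"{ha1}:{NONCE}:{NC}:{CNONCE}:{QOP}:{ha2}")


def build_auth(method, uri):
    """Fields a client would send in the Authorization header for this URI."""
    return {"uri": uri, "response": digest_response(method, uri)}


def server_check(method, request_uri, auth):
    """Hypothetical server-side check: uri field first, then the digest."""
    if auth["uri"] != request_uri:
        return "uri mismatch"
    expected = digest_response(method, auth["uri"])
    return "ok" if hmac.compare_digest(expected, auth["response"]) else "bad response"


if __name__ == "__main__":
    stale = build_auth("GET", "/Team")             # computed in step 5
    print(server_check("GET", "/Team", stale))     # ok
    print(server_check("GET", "/Team/", stale))    # uri mismatch (step 8)
    patched = dict(stale, uri="/Team/")            # uri edited, response reused
    print(server_check("GET", "/Team/", patched))  # bad response
    fresh = build_auth("GET", "/Team/")            # recomputed after the redirect
    print(server_check("GET", "/Team/", fresh))    # ok
```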