| #
911dc5b4 |
| 25-May-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bug #55639: Digest autentication dont work
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
Fix bug #55639: Digest autentication dont work
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
show more ...
|
