Make sure the contents of the WWW-Authenticate header is

passed on a 4xx error by proxy. Previously all headers
were dropped, resulting in the browser being unable to
authenticate.
PR:
Obtained from:
Submitted by:	Dr Richard Reiner <rreiner@fscinternet.com>, Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman <gwiseman@fscinternet.com>, David Henderson <dhenderson@fscinternet.com>
Reviewed by:	Graham Leggett

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96982 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index f6454f4348238701a9887369289de45db4904e2c..19a69c06855af8e4f672f7a92020333272ab70d0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,13 @@
 Changes with Apache 2.0.43
 
+  *) Make sure the contents of the WWW-Authenticate header is
+     passed on a 4xx error by proxy. Previously all headers
+     were dropped, resulting in the browser being unable to
+     authenticate. [Dr Richard Reiner <rreiner@fscinternet.com>,
+     Richard Danielli <rdanielli@fscinternet.com>, Graham Wiseman
+     <gwiseman@fscinternet.com>, David Henderson
+     <dhenderson@fscinternet.com>]
+
   *) Make mod_cache's CacheMaxStreamingBuffer directive work
      properly for virtual hosts that override server-wide mod_cache
      setttings.  [Matthieu Estrade <estrade-m@ifrance.com>]

diff --git a/modules/proxy/proxy_http.c b/modules/proxy/proxy_http.c
index aa1e08dd7a9e2160ecf440e89e74b81ea05db177..05881edfa1369a9ba9ca330de9c724e2356c9188 100644 (file)
--- a/modules/proxy/proxy_http.c
+++ b/modules/proxy/proxy_http.c
@@ -860,6 +860,17 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
             }
         }
 
+      if ((r->status == 401) && (conf->error_override != 0)) {
+          const char *buf;
+          const char *wa = "WWW-Authenticate";
+          if (buf = apr_table_get(r->headers_out, wa)) {
+              apr_table_set(r->err_headers_out, wa, buf);
+          } else {
+              ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                           "proxy: origin server sent 401 without w-a header");
+          }
+      }
+
         r->sent_bodyct = 1;
         /* Is it an HTTP/0.9 response? If so, send the extra data */
         if (backasswards) {
@@ -966,6 +977,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
              */
             int status = r->status;
             r->status = HTTP_OK;
+          ap_discard_request_body(rp);
             return status;
         }
     } else