From 01f0dae8633d6789069f727d5e6c95bdb933d41a Mon Sep 17 00:00:00 2001
From: Nick Kew
Date: Fri, 25 Jun 2010 12:33:34 +0000
Subject: [PATCH] Disallow setting cache context in .htaccess, lest it be abused for cross-site or cross-application authn attacks.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@957918 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/aaa/mod_authn_socache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
index ef15ef30da..baf49f3bbd 100644
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -194,7 +194,7 @@ static const command_rec authn_cache_cmds[] =
 OR_AUTHCFG, "Timeout (secs) for cached credentials"),
 AP_INIT_TAKE1("AuthnCacheContext", ap_set_string_slot,
 (void*)APR_OFFSETOF(authn_cache_dircfg, context),
- OR_AUTHCFG, "Context for authn cache"),
+ ACCESS_CONF, "Context for authn cache"),
 {NULL}
 };

-- 
2.40.0
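Review bot: The `ACCESS_CONF` flag on the `AuthnCacheContext` entry is now the only thing keeping the cache context out of `.htaccess`, but nothing at the entry says so, and the neighbouring entry visible in the hunk still uses `OR_AUTHCFG`, so a later consistency cleanup could silently undo the restriction. I would put a comment directly above the entry, for example `/* ACCESS_CONF only: a .htaccess author must not be able to pick the cache context, or cached credentials could be shared across sites or applications */`. The `authn_cache_cmds` table begins above this hunk, so whether any other per-directory directive in it can influence which cache entries are shared cannot be judged from here and is worth checking in the same pass. If the module's user documentation lists `.htaccess` as a valid context for this directive, it presumably needs the matching update.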