[dev] RPC Authorization header
Jan Schneider
jan at horde.org
Tue Dec 31 14:51:02 PST 2002
Zitat von René Lund Jensen <lundeman at tbkol.dk>:
> I've found out that perl sends the header:
>
> Authorization: Basic [Base64 encoded credentials]
>
> this is compliant with RFC1945 HTTP 1.0
> ( http://www.ietf.org/rfc/rfc1945.txt )
>
> and RFC 2616 HTTP 1.1
> ( http://www.ietf.org/rfc/rfc2616.txt )
>
> But Horde sends:
>
> Authentication: Basic [Base64 encoded credentials]
>
> .. in RPC::request(...)
>
> Basically this is probably a typo.
It was indeed, no idea what I thought by using "authentication".
> The funny thing is, that the check in horde/rpc.php using
> $_SERVER['HTTP_AUTHENTICATION'] is actually returning the headerfield of
> Authentication, and NOT Authorization, but this is probably an error in
I guess, PHP (or Apache) is putting every header send by the user agent into
the appropriate HTTP_* field of the $_SERVER array.
> PHP. The new (in rpc.php v.1.9) 2. check for authentication credentials
> using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] is actually
> extracting the user and password from the Authorization header,
> compliant with the RFC's
>
> So unless it breaks something I will suggest to remove the 1. check for
> credentials, and only use the second one.
Yes, I removed the first check. It was there because the second never worked
for me. Now I know why. ;-) Thanks for digging into it.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the dev
mailing list