Feature #4936
closed
Android標準ブラウザに対してWEBrickのDigest認証を行った際の挙動
Added by blueday (blue day) over 13 years ago.
Updated over 13 years ago.
Description
Android標準ブラウザはDigest認証時に、Authorizationリクエストヘッダで「algorithm=MD5」と送るべきところを「algorithm=md5」としてしまう(小文字で送ってしまう)ため、WEBrickではアルゴリズム不一致として認証に失敗します。
クライアント側のバグではありますが、WEBrickの側で「OperaHack」のような対応はできないでしょうか。
- Status changed from Open to Assigned
- Assignee set to naruse (Yui NARUSE)
- Target version changed from 2.0.0 to 1.9.3
既に Opera 向けの hack が入ってるようなので Android 向けの対応もまぁいいんじゃないでしょうか。
テスト書いたらコミットします。
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r32410.
blue, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
-
lib/webrick/httpauth/digestauth.rb (_authenticate):
Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1),
and a ample implementation in RFC2617 also ignores the case
of algorithms. So now this ignores those cases.
[ruby-dev:43965] [Feature #4936]
-
lib/webrick/httpauth/digestauth.rb (initialize):
Because of above, opera_hack is useless and removed.
Also available in: Atom
PDF
Like0
Like0Like0