You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by no...@apache.org on 2007/12/02 06:40:49 UTC

svn commit: r600249 - /httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml

Author: noodl
Date: Sat Dec  1 21:40:49 2007
New Revision: 600249

URL: http://svn.apache.org/viewvc?rev=600249&view=rev
Log:
Backport 600245 (AuthDigestQueryStringHack for MSIE7)

Modified:
    httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml

Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml?rev=600249&r1=600248&r2=600249&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml Sat Dec  1 21:40:49 2007
@@ -85,10 +85,10 @@
 </section>
 
 <section id="msie"><title>Working with MS Internet Explorer</title>
-    <p>The Digest authentication implementation in current Internet
-    Explorer implementations has known issues, namely that <code>GET</code>
-    requests with a query string are not RFC compliant.  There are a
-    few ways to work around this issue.</p>
+    <p>The Digest authentication implementation in previous Internet
+    Explorer for Windows versions (5 and 6) had issues, namely that
+    <code>GET</code> requests with a query string were not RFC compliant.
+    There are a few ways to work around this issue.</p>
 
     <p>
     The first way is to use <code>POST</code> requests instead of
@@ -101,12 +101,15 @@
     <code>AuthDigestEnableQueryStringHack</code> environment variable.
     If <code>AuthDigestEnableQueryStringHack</code> is set for the
     request, Apache will take steps to work around the MSIE bug and
-    remove the request URI from the digest comparison.  Using this
+    remove the query string from the digest comparison.  Using this
     method would look similar to the following.</p>
 
     <example><title>Using Digest Authentication with MSIE:</title>
     BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
     </example>
+
+    <p>This workaround is not necessary for MSIE 7, though enabling it does
+    not cause any compatibility issues or significant overhead.</p>
 
     <p>See the <directive module="mod_setenvif">BrowserMatch</directive>
     directive for more details on conditionally setting environment