You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by no...@apache.org on 2007/12/02 06:40:49 UTC
svn commit: r600249 -
/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml
Author: noodl
Date: Sat Dec 1 21:40:49 2007
New Revision: 600249
URL: http://svn.apache.org/viewvc?rev=600249&view=rev
Log:
Backport 600245 (AuthDigestQueryStringHack for MSIE7)
Modified:
httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml
Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml?rev=600249&r1=600248&r2=600249&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_auth_digest.xml Sat Dec 1 21:40:49 2007
@@ -85,10 +85,10 @@
</section>
<section id="msie"><title>Working with MS Internet Explorer</title>
- <p>The Digest authentication implementation in current Internet
- Explorer implementations has known issues, namely that <code>GET</code>
- requests with a query string are not RFC compliant. There are a
- few ways to work around this issue.</p>
+ <p>The Digest authentication implementation in previous Internet
+ Explorer for Windows versions (5 and 6) had issues, namely that
+ <code>GET</code> requests with a query string were not RFC compliant.
+ There are a few ways to work around this issue.</p>
<p>
The first way is to use <code>POST</code> requests instead of
@@ -101,12 +101,15 @@
<code>AuthDigestEnableQueryStringHack</code> environment variable.
If <code>AuthDigestEnableQueryStringHack</code> is set for the
request, Apache will take steps to work around the MSIE bug and
- remove the request URI from the digest comparison. Using this
+ remove the query string from the digest comparison. Using this
method would look similar to the following.</p>
<example><title>Using Digest Authentication with MSIE:</title>
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</example>
+
+ <p>This workaround is not necessary for MSIE 7, though enabling it does
+ not cause any compatibility issues or significant overhead.</p>
<p>See the <directive module="mod_setenvif">BrowserMatch</directive>
directive for more details on conditionally setting environment