You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by je...@apache.org on 2003/12/27 07:03:45 UTC
cvs commit: httpd-2.0/modules/dav/main mod_dav.c
jerenkrantz 2003/12/26 22:03:44
Modified: . Tag: APACHE_2_0_BRANCH CHANGES
modules/dav/main Tag: APACHE_2_0_BRANCH mod_dav.c
Log:
* modules/dav/main/mod_dav.c (dav_method_copymove): For a 401 on the
destination resource, propagate the WWW-Auth header from the
subrequest back to the client.
Backport of modules/dav/main/mod_dav.c r1.101 from httpd-2.1
PR: 15571
Reviewed by: jorton, trawick, jerenkrantz
Revision Changes Path
No revision
No revision
1.988.2.199 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.198
retrieving revision 1.988.2.199
diff -u -u -r1.988.2.198 -r1.988.2.199
--- CHANGES 14 Dec 2003 17:32:02 -0000 1.988.2.198
+++ CHANGES 27 Dec 2003 06:03:44 -0000 1.988.2.199
@@ -1,5 +1,8 @@
Changes with Apache 2.0.49
+ *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
+ the destination resource gives a 401. PR 15571. [Joe Orton]
+
*) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing
into the errorlog. [Andr� Malo]
No revision
No revision
1.91.2.4 +9 -0 httpd-2.0/modules/dav/main/mod_dav.c
Index: mod_dav.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/dav/main/mod_dav.c,v
retrieving revision 1.91.2.3
retrieving revision 1.91.2.4
diff -u -u -r1.91.2.3 -r1.91.2.4
--- mod_dav.c 25 Jun 2003 20:18:32 -0000 1.91.2.3
+++ mod_dav.c 27 Dec 2003 06:03:44 -0000 1.91.2.4
@@ -2618,6 +2618,15 @@
return dav_error_response(r, lookup.err.status, lookup.err.desc);
}
if (lookup.rnew->status != HTTP_OK) {
+ const char *auth = apr_table_get(lookup.rnew->err_headers_out,
+ "WWW-Authenticate");
+ if (lookup.rnew->status == HTTP_UNAUTHORIZED && auth != NULL) {
+ /* propagate the WWW-Authorization header up from the
+ * subreq so the client sees it. */
+ apr_table_set(r->err_headers_out, "WWW-Authenticate",
+ apr_pstrdup(r->pool, auth));
+ }
+
/* ### how best to report this... */
return dav_error_response(r, lookup.rnew->status,
"Destination URI had an error.");