[Roundup-devel] [ roundup-Bugs-1190187 ] HTTP_AUTHORIZATION breaks login

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bugs item #1190187, was opened at 2005-04-26 04:40
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=402788&aid=1190187&group_id=31577

Category: Web interface
Group: 0.8.x
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Richard Jones (richard)
Summary: HTTP_AUTHORIZATION breaks login

Initial Comment:
I have following scenario:

roundup tracker (0.8.2) running on localhost, apache +
mod_rewrite is proxying the requests and mapping the
tracker to a server's URL namespace. 

Tracker is accessible from the Internet without any
authorization. This works fine. In order to access the
tracker from the Internet, one has to authorize against
apache (and then, the user is allowed to login to
roundup). The access from the Internet worked fine in
previous releases (0.7.X), but 0.8.X contains "support"
for HTTP_AUTHORIZATION (roundup/cgi/client.py:400 ...),
which breaks the things if:

1) webserver passes REMOTE_USER and HTTP_AUTHORIZATION
variables to roundup
2) REMOTE_USER has a password different to his password
in roundup.

Please provide a configuration option, which will
enable/disable HTTP_AUTH. With the current code and my
config, roundup responses with 403 HTTP responsecode.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=402788&aid=1190187&group_id=31577

[Roundup-devel] [ roundup-Bugs-1190187 ] HTTP_AUTHORIZATION breaks login

Simple-to-use/-install issue-tracking system: web, REST, email, CLI

[Roundup-devel] [ roundup-Bugs-1190187 ] HTTP_AUTHORIZATION breaks login