From: SourceForge.net <no...@so...> - 2005-04-26 11:40:22
|
Bugs item #1190187, was opened at 2005-04-26 04:40 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=402788&aid=1190187&group_id=31577 Category: Web interface Group: 0.8.x Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Richard Jones (richard) Summary: HTTP_AUTHORIZATION breaks login Initial Comment: I have following scenario: roundup tracker (0.8.2) running on localhost, apache + mod_rewrite is proxying the requests and mapping the tracker to a server's URL namespace. Tracker is accessible from the Internet without any authorization. This works fine. In order to access the tracker from the Internet, one has to authorize against apache (and then, the user is allowed to login to roundup). The access from the Internet worked fine in previous releases (0.7.X), but 0.8.X contains "support" for HTTP_AUTHORIZATION (roundup/cgi/client.py:400 ...), which breaks the things if: 1) webserver passes REMOTE_USER and HTTP_AUTHORIZATION variables to roundup 2) REMOTE_USER has a password different to his password in roundup. Please provide a configuration option, which will enable/disable HTTP_AUTH. With the current code and my config, roundup responses with 403 HTTP responsecode. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=402788&aid=1190187&group_id=31577 |