This project is archived and is in readonly mode.

#1848 ✓resolved
Don Parish

Patch to fix broken HTTP Digest Authentication

Reported by Don Parish | February 2nd, 2009 @ 09:30 PM | in 2.3.4

Found a problem while trying to use http digest authentication at The digest authentication failed using both IE and FireFox. The current implementation is using the actual URI from the request instead of the URI passed in the authentication header, which is stored in the credentials hash. It seems as if the client is responsible for the URI passed in. It could be an absolute URI, as suggested in, but every example I've seen, only the relative path is used.

With the attached change, the tests pass, and the digest authentication work with my test controller using IE and FireFox on Windows.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket

Referenced by