#3924 ✓stale
Toby Atkin-Wright

HTTP Digest Authentication with config.action_controller.relative_url_root

Reported by Toby Atkin-Wright | February 10th, 2010 @ 06:04 PM

It seems that Rails 2.3.5 doesn't honour the relative_url_root setting in its digest authentication.

I resolved this by changing:

uri    = credentials[:uri][0,1] == '/' ? request.request_uri : request.url

to:

uri = request.env['HTTP_AUTHORIZATION'].match(/uri="(\S*)"/)[1]

in

module ActionController
  module HttpAuthentication
    module Digest
      def validate_digest_response(request, realm, &password_procedure)

Comments and changes to this ticket

  • Toby Atkin-Wright

    Toby Atkin-Wright February 11th, 2010 @ 05:24 PM

    The fix works better as

    uri = request.env['HTTP_AUTHORIZATION'].match(/uri="([^"]*)"/)[1]
    

    (The regex I suggested previously doesn't work on IE, as it doesn't leave spaces through the HTTP_AUTHORIZATION string.)

    Anyway, the point is that the uri should be read from HTTP_AUTHORIZATION. If we try to construct it from relative_url_root then it isn't obvious whether a trailing slash should be at the end of a root url.
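An added example (not from the ticket and not Rails' own code) of RFC 2617 digest validation that takes `uri` from the Authorization header, as the comments above propose, and also compares it with the request target so that a response computed for one resource is not accepted for another. The helper names, the credentials, the `/myapp` mount point and the assumption that the server can see the request target exactly as the client sent it are all constructed for illustration.

```ruby
require 'digest/md5'

# Parse key="value" / key=value pairs; works with or without spaces after commas.
def parse_digest_header(header)
  header.sub(/\ADigest\s+/i, '').scan(/(\w+)=(?:"([^"]*)"|([^\s,]+))/)
        .each_with_object({}) { |(k, quoted, bare), h| h[k.to_sym] = quoted || bare }
end

# RFC 2617 response value for qop=auth.
def expected_response(method, uri, c, ha1)
  ha2 = Digest::MD5.hexdigest("#{method}:#{uri}")
  Digest::MD5.hexdigest([ha1, c[:nonce], c[:nc], c[:cnonce], c[:qop], ha2].join(':'))
end

def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# request_target: the path exactly as the client sent it (assumed available).
# Nonce freshness and realm checks are omitted here.
def validate(method, request_target, header, ha1)
  c = parse_digest_header(header)
  return :unauthorized unless c[:uri] && c[:response]
  return :bad_request unless c[:uri] == request_target   # header names another resource
  constant_time_eq?(expected_response(method, c[:uri], c, ha1), c[:response]) ? :ok : :unauthorized
end

# --- constructed sample data ---
HA1 = Digest::MD5.hexdigest('toby:Application:secret')  # MD5(user:realm:password)

# Build the header a client would send; sep is ", " or "," (no spaces).
def client_header(method, uri, sep = ', ')
  c = { nonce: 'abc123', nc: '00000001', cnonce: 'xyz', qop: 'auth' }
  fields = ['username="toby"', 'realm="Application"', 'nonce="abc123"', %(uri="#{uri}"),
            'qop=auth', 'nc=00000001', 'cnonce="xyz"',
            %(response="#{expected_response(method, uri, c, HA1)}")]
  'Digest ' + fields.join(sep)
end

header = client_header('GET', '/myapp/admin', ',')
creds  = parse_digest_header(header)
# App mounted under /myapp: a server that hashes the root-less path never matches.
puts expected_response('GET', '/admin', creds, HA1) == creds[:response]  # false
puts validate('GET', '/myapp/admin', header, HA1)                        # ok
puts validate('GET', '/myapp/other', header, HA1)                        # bad_request
```

The exact string comparison in `validate` is the strictest choice; a deployment behind a proxy that rewrites paths would have to compare against the target as the client sent it, not the rewritten one.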

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:44 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 04:44 PM

    • State changed from “open” to “stale”
