
#2968 ✓resolved
Adam Milligan

HTTP Digest authentication raises an exception if the client fails to include a nonce

Reported by Adam Milligan | July 28th, 2009 @ 11:51 PM

The HTTP Digest authentication will raise an exception, and return a 500, if the client fails to include a nonce key/value in the Authorization header value. Rather than raise an exception it should simply return 401.

This also happens if the client specifies Basic authentication credentials. Again, it should return 401 rather than 500.

The fix is a single line check. Tests included.
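As an added illustration of the behavior the ticket asks for (this is not the patch attached to the ticket and not Rails code): a stand-alone Ruby check that answers 401 for a missing nonce, for Basic credentials, or for any other malformed header, instead of raising. The helper names, the nonce layout (HMAC-SHA256 over a timestamp) and the `passwords` hash are assumptions of this example.

```ruby
require "digest/md5"
require "openssl"

REQUIRED = %w[username realm nonce uri response].freeze

# Split 'Digest k="v", k2=v2' into [scheme, params]; a nil header yields ["", {}].
def parse_authorization(header)
  scheme, rest = header.to_s.strip.split(/\s+/, 2)
  params = {}
  rest.to_s.scan(/(\w+)=(?:"([^"]*)"|([^\s,]+))/) { |k, q, bare| params[k.downcase] = q || bare }
  [scheme.to_s.downcase, params]
end

# Length check, then XOR-accumulate so timing does not reveal the first mismatch.
def secure_eq?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Nonce layout assumed here: Base64("<unix time>:<HMAC-SHA256(secret, time)>").
def make_nonce(secret, time = Time.now.to_i)
  ["#{time}:#{OpenSSL::HMAC.hexdigest('SHA256', secret, time.to_s)}"].pack("m0")
end

def valid_nonce?(nonce, secret, now = Time.now.to_i, max_age = 300)
  time, mac = nonce.to_s.unpack1("m").split(":", 2) # "m" decodes leniently, never raises
  return false unless time.to_s.match?(/\A\d+\z/) && mac
  secure_eq?(mac, OpenSSL::HMAC.hexdigest("SHA256", secret, time)) && (now - time.to_i).between?(0, max_age)
end

# RFC 2617 response without qop: MD5(HA1:nonce:HA2).
def expected_response(params, http_method, password)
  ha1 = Digest::MD5.hexdigest([params["username"], params["realm"], password].join(":"))
  ha2 = Digest::MD5.hexdigest([http_method, params["uri"]].join(":"))
  Digest::MD5.hexdigest([ha1, params["nonce"], ha2].join(":"))
end

# Status the auth layer should send: any malformed, incomplete or non-Digest
# header ends in a 401 challenge instead of an exception that becomes a 500.
def digest_auth_status(header, http_method, secret, passwords, now = Time.now.to_i)
  scheme, params = parse_authorization(header)
  return 401 unless scheme == "digest"                           # Basic credentials, empty header
  return 401 unless REQUIRED.all? { |k| !params[k].to_s.empty? } # e.g. nonce left out
  return 401 unless valid_nonce?(params["nonce"], secret, now)
  password = passwords[params["username"]]
  return 401 unless password
  secure_eq?(params["response"], expected_response(params, http_method, password)) ? 200 : 401
end
```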
