| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.0.0RC8 |
| Request #5363 | 401 in response to OPTIONS request | ||
|---|---|---|---|
| Submitted: | 2005-09-12 09:12 UTC | ||
| From: | pear dot php dot net at chsc dot dk | Assigned: | |
| Status: | Feedback | Package: | HTTP_WebDAV_Server |
| PHP Version: | 5.0.4 | OS: | Linux |
| Roadmaps: | 1.2 | ||
[2005-09-12 09:12 UTC] pear dot php dot net at chsc dot dk
Description:
------------
If the WebDAV server sends a 401 Authorization required response to an OPTIONS request from MS MiniRedir (Microsoft-WebDAV-MiniRedir/5.1.2600), the client gives up and hands over the connection the other client in Win XP, (Microsoft Data Access Internet Publishing Provider Cache Manager). Using MiniRedir is usually preferred over the other client.
An OPTIONS request doesn't reveal much information about the system, so I don't think it would be a big problem if OPTIONS request didn't ask for authorization.
The behaviour can be changed achieved by changing the line
if (!$this->_check_auth()) {
in ServeRequest() to something like
if ($_SERVER['REQUEST_METHOD'] != 'OPTIONS' && !$this->_check_auth()) {
Comments
[2005-09-12 12:55 UTC] pear dot php dot net at chsc dot dk
Summary changed (my browser's auto-fill function filled out the field)
[2006-03-01 15:35 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send MANUAL CONFIRMATION IS NOT POSSIBLE. Write a message to pear-dev@lists.php.net to request the confirmation link. All bugs/comments/patches associated with this email address will be deleted within 48 hours if the account request is not confirmed!
[2009-06-03 17:45 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send MANUAL CONFIRMATION IS NOT POSSIBLE. Write a message to pear-dev@lists.php.net to request the confirmation link. All bugs/comments/patches associated with this email address will be deleted within 48 hours if the account request is not confirmed!