Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.3.2

Bug #17520 Always include a challenge on code 401
Submitted: 2010-06-24 01:01 UTC
From: voxpelli Assigned:
Status: Open Package: HTTP_OAuth (version SVN)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 31 + 9 = ?

 
 [2010-06-24 01:01 UTC] voxpelli (Pelle Wessman)
Description: ------------ In HTTP_OAuth_Provider_Response::setStatus() when you set the status to 401 you should also, according to 14.47 in RFC 2616 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47 , set a WWW-Authenticate header that indicates how to fulfill the challenge. Right now the only place such a header is set is if HTTP_OAuth_Provider_Response::setRealm() is called - but a realm is no requirement to present such a challenge. Perhaps the code should be refactored so that the WWW-Authenticate header is always set in HTTP_OAuth_Provider_Response::setStatus() and that HTTP_OAuth_Provider_Response::setRealm() only sets an internal variable.

Comments