Feature #4936

Android標準ブラウザに対してWEBrickのDigest認証を行った際の挙動

Added by blue day almost 3 years ago. Updated almost 3 years ago.

[ruby-dev:43965]
Status:Closed
Priority:Low
Assignee:Yui NARUSE
Category:lib
Target version:1.9.3

Description

Android標準ブラウザはDigest認証時に、Authorizationリクエストヘッダで「algorithm=MD5」と送るべきところを「algorithm=md5」としてしまう(小文字で送ってしまう)ため、WEBrickではアルゴリズム不一致として認証に失敗します。

クライアント側のバグではありますが、WEBrickの側で「OperaHack」のような対応はできないでしょうか。

Associated revisions

Revision 32410
Added by Yui NARUSE almost 3 years ago

  • lib/webrick/httpauth/digestauth.rb (_authenticate):
    Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1),
    and a ample implementation in RFC2617 also ignores the case
    of algorithms. So now this ignores those cases.
    [Feature #4936]

  • lib/webrick/httpauth/digestauth.rb (initialize):
    Because of above, opera_hack is useless and removed.

History

#1 Updated by Yui NARUSE almost 3 years ago

  • Status changed from Open to Assigned
  • Assignee set to Yui NARUSE
  • Target version changed from 2.0.0 to 1.9.3

既に Opera 向けの hack が入ってるようなので Android 向けの対応もまぁいいんじゃないでしょうか。
テスト書いたらコミットします。

#2 Updated by Yui NARUSE almost 3 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r32410.
blue, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • lib/webrick/httpauth/digestauth.rb (_authenticate):
    Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1),
    and a ample implementation in RFC2617 also ignores the case
    of algorithms. So now this ignores those cases.
    [Feature #4936]

  • lib/webrick/httpauth/digestauth.rb (initialize):
    Because of above, opera_hack is useless and removed.

Also available in: Atom PDF