209121 - Digest authentication incorrectly includes fragment identifier in URI when computing A2

Status: RESOLVED FIXED

(Core :: Networking: HTTP, defect, P2)

Description

[Adam D. Bradley]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686) Gecko/20030521 Galeon/1.3.4 Debian/1.3.4.20030526-1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686) Gecko/20030521 Galeon/1.3.4 Debian/1.3.4.20030526-1

When a URI includes a fragment identifier, e.g.:
    http://www.zealforyourhouse.com/authdemo2.php#fragment
Mozilla errantly includes the fragment identifier ("#fragment") in the
digest-uri-value field (uri="...") and when computing A2.

Reproducible: Always

Steps to Reproduce:
1.Go to http://www.zealforyourhouse.com/authdemo2.php
2.Authenticate with username "demo" and password "demo"
3.Use the three links at the bottom; the first behaves normally, the second and
third exhibit the problem behavior.

Actual Results:  
The server-side authentication code has to fall back to using the full URI
provided by Mozilla (including fragment identifier) in order to authenticate the
user.  The contents of the page present the actual computed digest values.

Expected Results:  
Mozilla should have computed A2 (and thus the digest) without including the
fragment identifier ("#frag1") in the Request-URI.

Comment 1

[Darin Fisher]

oops!

Comment 2

[Darin Fisher]

Attachment: v1 patch

simple patch

Comment 3

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 127270 [details] [diff] [review]
v1 patch

sr=me, but wouldn't

+	   if (ref != kNotFound)
+	     path.Truncate(ref);

be simpler?

Comment 4

[Darin Fisher]

thanks bz.. will do.

Comment 5

[Darin Fisher]

fixed-on-trunk