Closed Bug 42795 Opened 25 years ago Closed 25 years ago

Basic Authentication matches HTTP header case-sensitive

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 42008

People

(Reporter: mj, Assigned: shaver)

References

(
URL
)

Details

When a server sends a WWW-Authenticate: Basic header, Mozilla matches case-sensitive. This breaks servers that send a different case 'basic' string. According to RFC2068 (HTTP/1.1), section 11: "It uses an extensible, case-insensitive token to identify the authentication scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme." Where in section 11.1 the token for Basic Authentication is defined as 'Basic'. The bug URL points to the place in the code that needs adjusting. To reproduce: 1/ Open up Mozilla (more recent than 2000/06/01) and go to http://www.zopatista.com/manage 2/ When challenged, enter user 'basic_auth', password 'basic_auth' 3/ Error loading URL http://www.zopatista.com/manage Expected to be authenticated, shown Zope management interface (user only has access to view, cannot change anything).
*** This bug has been marked as a duplicate of 42008 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Verified dupe. Bug 53182 is still open - "login via basic auth does not work"
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.