Ticket #742 (defect)
Opened 1 year ago
Last modified 1 year ago
Attempting to authenticate with POST fails with HTTP 405
Status: closed (fixed)
| Reported by: | peter@ssbg.zetnet.co.uk | Assigned to: | rdelon |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.1 |
| Component: | CherryPy code | Keywords: | |
| Cc: |
In an application that is using the digest_auth tool, if an unauthenticated client initiates authentication with a POST request then the response to the second POST request (the one with the Authorization header) will be an HTTP 405 Method Not Allowed.
This happens because the digest_auth tool is hooked before the request body has been read from the socket. The error handler for the 401 raised by digest_auth neither reads the socket's read buffer not flushes the buffer, with the result that when the next request is made and the server reads the socket at HTTPRequest.parse_request, the previous request's body concatenated to the new request's method.
The error handler should somehow flush the socket when a request fails.
Change History
10/27/07 19:56:12: Modified by fumanchu
- status changed from new to closed.
- resolution set to fixed.
- milestone set to 3.1.
Fixed in [1786].