Project

General

Profile

Bug #2541

HTTP 401 Unauthorized only sent back after full POST request is read.

Added by tcely over 3 years ago. Updated over 1 year ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2013-12-19
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

For IE 11 at least, sending back the 401 after the request headers will cause it to stop trying to upload the (potentially very large) post body when HTTP authorization is required.

It'd be great if lighttpd could send back the 401 without the browser sending the full file, only to send it again with the Authorization header on the second try.

Associated revisions

Revision c263bc6a (diff)
Added by gstrauss over 1 year ago

defer reading request body until handle subrequest (fixes #2541)

read request body right before calling subrequest handler,
allowing request to be handled prior to reading request body,
e.g. to send 401 Unauthorized response when authentication is required

(In the future, this might move into each dynamic handler which supports
request body (mod_cgi, mod_fastcgi, mod_proxy, mod_scgi, mod_webdav) so
that each dynamic handler can choose whether or not to buffer request
body or to stream request body to backend as request body is received.)

keep-alive is disabled if request body has not been completely read
prior to sending response

x-ref:
"HTTP 401 Unauthorized only sent back after full POST request is read"
https://redmine.lighttpd.net/issues/2541

History

#1 Updated by gstrauss over 1 year ago

  • Status changed from New to Patch Pending
  • Target version set to 1.4.40

#2 Updated by gstrauss over 1 year ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom