I had a bad problem with mod_proxy vs chromium vs a gwt based app. Every other browser worked fine except chromium for no obvious reason. The server was returning 403 only to chromium. And also without proxy Chromium was working fine.
After quadruple-checking everything is configured correctly I thought maybe digest (server only allows digest auth) generation is wrong with chromium... I saw a couple of digest auth issues in its bug tracker still opened.
So here's the digest generator:
# user:realm:password
HA1="$1"
# request_method:request_uri
HA2="$2"
nonce=$3
getFirst () {
echo -n "$1"
}
md5get () {
local dat="$1"
echo -n `getFirst $(md5sum -b <(printf "%s" "$dat"))`
}
HA1=`md5get "$HA1"`
HA2=`md5get "$HA2"`
res="$HA1:$nonce:$HA2"
echo responce=`md5get "$res"`example:
./digest_auth.sh "admin:SecureRealm:securepassword" "POST:/management" 6ec791feebb1f853f4757330ffed1d8euseful for: verifying client is computing values correctly looking at tcpdump/wireshark log
references: http://en.wikipedia.org/wiki/Digest_access_authentication
how story ended: It turned out only chromium always sends a header named "Origin". It also seems that header can give some CSRF protection so perhaps mod_proxy should learn to handle it. For the time being though this Apache HTTPD directive gets rid of the beast:
RequestHeader unset Origin
No comments:
Post a Comment