- From: Thomas Kriegelstein <tk4@mail.inf.tu-dresden.de>
- Date: Thu, 20 Feb 2003 03:52:52 -0500 (EST)
- To: www-jigsaw@w3.org
Hi, org/w3c/jigsaw/proxy/ForwardFrame.java (jigsaw 2.2.2) Line 246 sets the Proxy-Authenticate header to null. This header is not supposed to be send by a client or upstream-proxy. This is not the bug but a copy & paste mistake from dupReply. The bug is: According to RFC 2616 section 13.5.1: The Proxy-Authorization header is also a hop-by-hop header. So it should be set to null. Recommended fix: Replace the H_PROXY_AUTHENTICATE in line 246 with H_PROXY_AUTHORIZATION. Another possibility: Set all hop-by-hop headers in dupReply and dupRequest to null. Without distinction between reply and request messages. Without this fix a downstream webserver learns how to authenticate with the proxy! Ciaou, Thomas
Received on Sunday, 23 February 2003 06:10:35 UTC