Skip to content

Fix HTTP Auth when internal redirects occur#1772

Merged
Frenzie merged 1 commit intoFreshRSS:devfrom
youknow0:master
Jan 22, 2018
Merged

Fix HTTP Auth when internal redirects occur#1772
Frenzie merged 1 commit intoFreshRSS:devfrom
youknow0:master

Conversation

@youknow0
Copy link
Contributor

@youknow0 youknow0 commented Jan 21, 2018

When Apache performs an internal redirect, it stores the username in the
REDIRECT_REMOTE_USER variable instead of REMOTE_USER, breaking HTTP
authentication. For more information, see this Stack Overflow
discussion:
https://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes

This PR first tries REMOTE_USER, as before. If it is not set, it checks whether REDIRECT_REMOTE_USER is set.

@youknow0
Fix HTTP Auth when internal redirects occur
6c0b813 
When Apache performs an internal redirect, it stores the username in the
REDIRECT_REMOTE_USER variable instead of REMOTE_USER, breaking HTTP
authentication. For more information, see this Stack Overflow
discussion:
<https://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes>
@aledeg
Copy link
Member

aledeg commented Jan 21, 2018

Thank you. Do you have a feed we can test on?

@Alkarex
Copy link
Member

Alkarex commented Jan 21, 2018

@aledeg It is for the FreshRSS login, not some feed credentials :-)

@Alkarex Alkarex changed the base branch from master to dev January 21, 2018 19:17
@Alkarex Alkarex added this to the 1.10.0 milestone Jan 21, 2018
@Alkarex
Copy link
Member

Alkarex commented Jan 21, 2018

Thanks @youknow0 , this looks good 👍
I have rebased to the /dev branch.
Please add a line for you in https://github.com/FreshRSS/FreshRSS/blob/dev/CREDITS.md (only if you want)

Frenzie
Frenzie approved these changes Jan 21, 2018
View reviewed changes
Copy link
Member

@Frenzie Frenzie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@aledeg
Copy link
Member

aledeg commented Jan 21, 2018

My bad :)

@youknow0
Copy link
Contributor Author

youknow0 commented Jan 22, 2018

Wow that was quick.

@Alkarex No need to put me in CREDITS file for such a trivial change.

@Frenzie Frenzie merged commit dfc638d into FreshRSS:dev Jan 22, 2018
@Frenzie
Copy link
Member

Frenzie commented Jan 22, 2018

Thanks!

@marienfressinaud
Copy link
Member

marienfressinaud commented Jan 22, 2018

I'm also quite impressed by your reactivity, well done guys! 🥇 :)

Alkarex added a commit that referenced this pull request Jan 26, 2018
@Alkarex
Changelog and credits
c4bb2b7 
#603
#1400
#1545
#1714
#1769
#1772
@Alkarex
Copy link
Member

Alkarex commented Jan 26, 2018

@youknow0 I have added you to the credits c4bb2b7
We want to acknowledge even small contributions :-)

@Alkarex Alkarex modified the milestones: 1.11.0, 1.10.0 Feb 5, 2018
@Alkarex Alkarex mentioned this pull request Feb 14, 2018
Merged
@Alkarex Alkarex mentioned this pull request Jan 1, 2019
Merged
mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@youknow0 @mdemoss
[fix] Login: HTTP Auth when internal redirects occur (FreshRSS#1772)
18d4562 
When Apache performs an internal redirect, it stores the username in the
REDIRECT_REMOTE_USER variable instead of REMOTE_USER, breaking HTTP
authentication. For more information, see this Stack Overflow
discussion:
<https://stackoverflow.com/questions/3050444/when-setting-environment-variables-in-apache-rewriterule-directives-what-causes>

This commit first tries REMOTE_USER, as before. If it is not set, it checks whether REDIRECT_REMOTE_USER is set.
mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@Alkarex @mdemoss
Changelog and credits
e6cc86b 
FreshRSS#603
FreshRSS#1400
FreshRSS#1545
FreshRSS#1714
FreshRSS#1769
FreshRSS#1772
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Frenzie Frenzie Frenzie approved these changes

@Alkarex Alkarex Alkarex approved these changes

Assignees

No one assigned

Labels

Security 🛡️

Projects

None yet

Milestone

1.10.0

Development

Successfully merging this pull request may close these issues.

5 participants

@youknow0 @aledeg @Alkarex @Frenzie @marienfressinaud