Skip to content

Issue #2446 : Fix passing authentication headers#2449

Merged
Alkarex merged 4 commits intoFreshRSS:devfrom
rnc:IS2446
Jul 20, 2019
Merged

Issue #2446 : Fix passing authentication headers#2449
Alkarex merged 4 commits intoFreshRSS:devfrom
rnc:IS2446

Conversation

@rnc
Copy link
Contributor

@rnc rnc commented Jul 20, 2019

…version is high enough

@Alkarex Alkarex added this to the 1.14.3 milestone Jul 20, 2019
@Alkarex Alkarex changed the base branch from master to dev July 20, 2019 13:43
Alkarex
Alkarex reviewed Jul 20, 2019
View reviewed changes
@Alkarex
Copy link
Member

Alkarex commented Jul 20, 2019

I do not know a way to test that CGIPassAuth on can be safely used (testing the version is not enough).
I am a bit hesitant, but I think that only simplifying the rule SetEnvIfNoCase "Authorization" would be better (although I would still be interested in knowing why the current expression does not work in your case).

@rnc
Copy link
Contributor Author

rnc commented Jul 20, 2019

@Alkarex Thats fine - to be honest I've never really used htaccess before so this has been a learning experiment :-) I'll update the PR to remove it.

@Alkarex Alkarex changed the title Issue #2446 : Fix passing authentication headers. Use CGIPassAuth is … Issue #2446 : Fix passing authentication headers Jul 20, 2019
@Alkarex Alkarex merged commit 1aa2af9 into FreshRSS:dev Jul 20, 2019
@Alkarex
Copy link
Member

Alkarex commented Jul 20, 2019

Merged in the /dev branch. Would you be able to test?

@Alkarex Alkarex mentioned this pull request Jul 20, 2019
Closed
@Alkarex
Copy link
Member

Alkarex commented Jul 20, 2019

#2446

Alkarex added a commit that referenced this pull request Jul 21, 2019
@Alkarex
Changelog 2381, 2446
7197c76 
#2446
#2449
#2381
#2442
@rnc rnc deleted the IS2446 branch July 22, 2019 09:34
@rnc
Copy link
Contributor Author

rnc commented Jul 22, 2019

@Alkarex I am using that change at the moment on my server. In terms of testing it, ideally I think a container image (i.e. Docker) but using litespeed instead of Apache might be suitable. However, while I have had a quick play I haven't got litespeed working yet.

mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@rnc @mdemoss
Issue FreshRSS#2446 : Fix passing authentication headers (FreshRSS#2449)
a5f58d2 
* Issue FreshRSS#2446 : Fix passing authentication headers. Use CGIPassAuth is version is high enough

* Issue FreshRSS#2446 : Remove CGIPassAuth due to potential issues with AllowOverride rights.

* Tabs
mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@Alkarex @mdemoss
Changelog 2381, 2446
40a574c 
FreshRSS#2446
FreshRSS#2449
FreshRSS#2381
FreshRSS#2442
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Alkarex Alkarex Alkarex left review comments

Assignees

No one assigned

Labels

Security 🛡️

Projects

None yet

Milestone

1.14.3

Development

Successfully merging this pull request may close these issues.

2 participants

@rnc @Alkarex