* modules/aaa/mod_auth_digest.c (add_auth_info): Don't add

notroj · notroj · commit 65d2d856b3d2 · 2026-06-22T18:24:05.000+01:00
(Proxy-)Authentication-Info headers to 401/407 responses.
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
@@ -1650,8 +1650,14 @@ static int add_auth_info(request_rec *r)
         return OK;
     }
 
-    /* setup nextnonce
-     */
+    /* Don't add Authentication-Info for 401/407 responses. */
+    if (apr_table_get(r->err_headers_out,
+                      (r->proxyreq == PROXYREQ_PROXY)
+                      ? "Proxy-Authenticate" : "WWW-Authenticate")) {
+        return OK;
+    }
+
+    /* Set up nextnonce for one-time-nonces and expiring-nonce cases. */
     if (conf->nonce_lifetime > 0) {
         /* send nextnonce if current nonce will expire in less than 30 secs */
         if ((r->request_time - resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) {
