Skip to content

fixed handling of stale nonces in the HTTP Digest Auth implementation#11

Open
rhaberkorn wants to merge 1 commit into
gvalkov:masterfrom
metratec:stale-nonce
Open

fixed handling of stale nonces in the HTTP Digest Auth implementation#11
rhaberkorn wants to merge 1 commit into
gvalkov:masterfrom
metratec:stale-nonce

Conversation

@rhaberkorn

Copy link
Copy Markdown

The stale=true attribute was not sent in the resulting challenge that the server sends, so clients/browsers would unnecessarily ask for the credentials again.

You may want to edit this change if you disagree with the way I pass on the information that the nonce is stale. Actually, I do not understand why you are throwing AuthError in DigestAuthMixin.verify_opaque() in the first place instead of always throwing DigestAuthMixin.SendChallenge().

The stale=true attribute was not sent in the resulting challenge that the server sends,
so clients/browsers would unnecessarily ask for the credentials again.
@rhaberkorn

Copy link
Copy Markdown
Author

@gvalkov ping

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant