Bug 130179

Summary: [PATCH] www/apache22: Enable passing HTTP 'Authorization' headers as compile time option
Product: Ports & Packages Reporter: Chen-Yu Tsai <wens>
Component: Individual Port(s)Assignee: freebsd-apache (Nobody) <apache>
Status: Closed FIXED    
Severity: Affects Only Me CC: clement
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
apache-2.2.11.patch none

Description Chen-Yu Tsai 2009-01-05 08:40:01 UTC 
By default Apache does not pass the HTTP 'Authorization' header to
other modules, handlers, CGI, etc.. However there is a compile time
macro 'SECURITY_HOLE_PASS_AUTHORIZATION' that enables apache to
include the content of the header in the environment. This patch
creates an option, when turned on, will define the mentioned macro.

Port maintainer (clement@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
Comment 1 Pav Lucistnik freebsd_committer freebsd_triage 2009-01-06 12:38:39 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->apache

Assign to maintainer
Comment 2 Philip M. Gollucci freebsd_committer freebsd_triage 2009-01-12 22:55:29 UTC 
with HTTPD PMC hat:
   This is actually going to be removed and *possibly* replaced with a 
run-time option.

With that in mind, I don't think we should add this, as it actually is a 
security concern.
Comment 3 Philip M. Gollucci freebsd_committer freebsd_triage 2009-01-12 22:56:48 UTC 
State Changed
From-To: open->closed

closed