git
/
nginx
mirror of https://github.com/nginx/nginx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge 688d4996fe into 78d1ab5a2c

This commit is contained in:
Sravan 2025-10-09 00:34:03 +00:00 committed by GitHub
parent 78d1ab5a2c 688d4996fe
commit fa6ef6e143
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/http/ngx_http_core_module.c
View File

@ -1138,7 +1138,17 @@ ngx_http_core_access_phase(ngx_http_request_t *r, ngx_http_phase_handler_t *ph)
r->access_code = 0;
for (h = r->headers_out.www_authenticate; h; h = h->next) {
h->hash = 0;
// WWW-Authenticate response header is also used to send the
// servers Mutual authentication token to client as response to
// a request with authentication token. Ref: RFC 4559
// Below check skips invalidating the header iff it is a
// SPNEGO Mutual authentication token.
if (ngx_strncmp(h->value.data, "Negotiate ",
ngx_strlen("Negotiate ")) != 0)
{
h->hash = 0;
}
}
r->phase_handler = ph->next;