-rw-r--r-- | Main.hsc | 5 | ||||
-rw-r--r-- | README.md | 5 |
2 files changed, 8 insertions, 2 deletions
@@ -322,9 +322,10 @@ main = do to <- maybe 10 read <$> lookupEnv "TIMEOUT" maybe (respond 504 "") pure =<< timeout (to * 10 ^ (6 :: Int)) (case (lookup "auth" ps, baCredentials =<< BS.pack <$> ha) of + (Just "on", Nothing) -> respond 401 "" + (Just "try", Nothing) -> serve True xsltDir (connectdb "") ps + (Just "fail", _) -> serve True xsltDir (connectdb "") ps (_, Just (l, p)) -> serve False xsltDir (connectdb (connString [("user", l), ("password", p)])) ps - (Just "on", Nothing) -> respond 401 "" - (Just "try", Nothing) -> serve True xsltDir (connectdb "") ps _ -> serve False xsltDir (connectdb "") ps) @@ -75,6 +75,11 @@ a database connection failure was password-related. With `auth=try` pgxhtml would serve pages composed using defaults if no credentials are provided, but with 401 status code. +`auth=fail` would ignore user-provided credentials and serve pages +with 401 status code. It can be used to circumvent poor authentication +handling by some web browsers. + + ### Web server This is intended to be used with an HTTP server, which would take care |
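Review bot: The new `(Just "fail", _)` alternative in the `case` only takes effect because it is listed above `(_, Just (l, p))`, and nothing in the code records that dependency; a later reordering would silently pass the supplied credentials to `connectdb` again. I would add a comment above it such as `-- auth=fail: ignore supplied credentials, serve defaults with 401; must stay above the credentials alternative`, and say there what the `True` passed to `serve` means (going by the README text it appears to select the 401 status). Separately, any `auth` value other than the three literals still falls through to the last two alternatives and is served with `serve False`, so if `ps` holds request parameters it may be worth matching the known modes explicitly and rejecting the rest. The body of `main` begins and continues outside this hunk, so how `ps` and `ha` are built is not visible here.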