author: defanor <defanor@uberspace.net> 2019-03-31 05:45:39 +0300
committer: defanor <defanor@uberspace.net> 2019-03-31 05:45:39 +0300
commit: e39c287569a20fc070b6ccdf52d339a7da1e11cf
tree: 7f764e3b9228da2406ffa7b77eed931b6b74d3ef
parent: 7897035179f7eebaf149d75e772ec3d99d56708d
Handle `auth=fail` (HEAD, master)
Ignore credentials provided by a user, serve documents with status code 401.
-rw-r--r-- Main.hsc 5
-rw-r--r-- README.md 5
2 files changed, 8 insertions, 2 deletions
diff --git a/Main.hsc b/Main.hsc
index 53a9a2f..f75d69e 100644
--- a/Main.hsc
+++ b/Main.hsc
@@ -322,9 +322,10 @@ main = do
to <- maybe 10 read <$> lookupEnv "TIMEOUT"
maybe (respond 504 "") pure =<< timeout (to * 10 ^ (6 :: Int))
(case (lookup "auth" ps, baCredentials =<< BS.pack <$> ha) of
+ (Just "on", Nothing) -> respond 401 ""
+ (Just "try", Nothing) -> serve True xsltDir (connectdb "") ps
+ (Just "fail", _) -> serve True xsltDir (connectdb "") ps
(_, Just (l, p)) ->
serve False xsltDir
(connectdb (connString [("user", l), ("password", p)])) ps
- (Just "on", Nothing) -> respond 401 ""
- (Just "try", Nothing) -> serve True xsltDir (connectdb "") ps
_ -> serve False xsltDir (connectdb "") ps)
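Review bot: the new `(Just "fail", _)` alternative only has its effect because it sits above `(_, Just (l, p))`; case alternatives are tried top to bottom, so if it is ever moved below that line a request carrying credentials would connect with them again. A short comment above the alternative saying that the order matters would protect it. It also has the same body as the `(Just "try", Nothing)` line, `serve True xsltDir (connectdb "") ps`, so the two could share one binding, and the bare `True`/`False` passed to `serve` would read better as a named value that says what the flag controls.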
diff --git a/README.md b/README.md
index f5343e9..5b712c2 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,11 @@ a database connection failure was password-related.
With `auth=try` pgxhtml would serve pages composed using defaults if
no credentials are provided, but with 401 status code.
+`auth=fail` would ignore user-provided credentials and serve pages
+with 401 status code. It can be used to circumvent poor authentication
+handling by some web browsers.
+
+
### Web server
This is intended to be used with an HTTP server, which would take care
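Review bot: the added README paragraph says `auth=fail` can be used "to circumvent poor authentication handling by some web browsers" but does not say what that handling is or when an operator would set it; a sentence describing the intended use would help. It should also state that pages are composed using defaults, as the `auth=try` paragraph above it does, since the Main.hsc change serves through `connectdb ""` in that case. The second added blank line before `### Web server` looks unintended.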