Eric, That makes perfect sense. You're a Genius; thank you. -- Regards Christopher Keeley Software Engineer Communications and Test JDSU +441752765327 www.jdsu.com NOTICE: JDSU UK Ltd. is registered in England & Wales with company number 00887400. Its registered office is Spinnaker House, Lime Tree Way, Hampshire Int. Business Park, Chineham, Basingstoke RG24 8GG. Information contained in this email is intended for the use of the addressee only, is confidential and may be legally privileged. Any further dissemination, distribution, copying or use of this communication without prior permission of the sender is strictly prohibited. -----Original Message----- From: Eric Covener [mailto:covener@xxxxxxxxx] Sent: 25 March 2011 13:14 To: users@xxxxxxxxxxxxxxxx Subject: Re: http 1.1 authorization header is sent to every resource under a given domain > > I have one completely unsupported theory where the issue is related to the > fact that '/x' is presented by apache as a virtual resource. I wonder if > somehow this ends up mapping the realm to '/' instead of '/x'. I draw this > conclusion from the fact that the browser is pre-empting the Authorization > header to every resource. > close, if you can refactor this to require auth for /x/ with a trailing slash only then the browser would pre-emptively send to things. The problem with auth on /x is that your browser assumes everything under the most recent context root is protected -- which is / --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|