On Thu, Feb 23, 2023 at 04:16:28AM -0500, Jeff King wrote:
> Hmm, today I learned about NPH scripts.
>
> Obviously it works here, but I have to wonder: is there a reason we need
> this? AFAICT the only thing we do is set the HTTP response code, which
> could also be done with a Status: header.
>
> I.e., this passes your test:
Having looked at patch 3 now, this also needs:
diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
index 64d2acd032..afdf388677 100755
--- a/t/t5563-simple-http-auth.sh
+++ b/t/t5563-simple-http-auth.sh
@@ -37,7 +37,7 @@ expect_credential_query () {
per_test_cleanup () {
rm -f *.cred &&
- rm -f "$HTTPD_ROOT_PATH"/custom-auth.*
+ rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid "$HTTPD_ROOT_PATH"/custom-auth.challenge
}
test_expect_success 'setup repository' '
or comedy ensues. But more importantly, realized why you want to use NPH
here. Apache will happily munge:
WWW-Authenticate: foo
WWW-Authenticate: bar
into:
WWW-Authenticate: foo, bar
and you want to stress the parser with specific syntactic forms. So that
makes sense, and I agree NPH is the right solution here.
I think you did try to say this in the commit message as:
Leverage a no-parsed headers (NPH) CGI script so that we can directly
control the HTTP responses to simulate a multitude of good, bad and
ugly remote server implementations around auth.
but I was too dense to realize quite what that meant. :)
-Peff
