<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:10:09 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-5890] HTTP Digest authentication doesn&apos;t work with Internet Explorer</title>
                <link>https://jira.mongodb.org/browse/SERVER-5890</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When the MongoDB web interface is running on a server and authentication is enabled, clients connecting over the network (i.e. not from localhost) are unable to authenticate with the HTTP interface if their client web browser is Internet Explorer.&lt;/p&gt;</description>
                <environment>Any server platform, web client is Internet Explorer (tested with IE 9)</environment>
        <key id="39293">SERVER-5890</key>
            <summary>HTTP Digest authentication doesn&apos;t work with Internet Explorer</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="tad">Tad Marshall</assignee>
                                    <reporter username="eliot">Eliot Horowitz</reporter>
                        <labels>
                    </labels>
                <created>Mon, 21 May 2012 21:58:51 +0000</created>
                <updated>Mon, 11 Jul 2016 18:34:41 +0000</updated>
                            <resolved>Mon, 20 Aug 2012 15:43:51 +0000</resolved>
                                    <version>2.0.7</version>
                    <version>2.2.0-rc1</version>
                                    <fixVersion>2.2.1</fixVersion>
                    <fixVersion>2.3.0</fixVersion>
                                    <component>HTTP Console</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="163631" author="auto" created="Wed, 12 Sep 2012 19:49:27 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-08-20T05:21:59-07:00&apos;, u&apos;email&apos;: u&apos;tad@10gen.com&apos;, u&apos;name&apos;: u&apos;Tad Marshall&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-5890&quot; title=&quot;HTTP Digest authentication doesn&amp;#39;t work with Internet Explorer&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-5890&quot;&gt;&lt;del&gt;SERVER-5890&lt;/del&gt;&lt;/a&gt; do not require space after comma in Digest HTTP header&lt;/p&gt;

&lt;p&gt;Change the regular expression used to parse the Digest line sent in the&lt;br/&gt;
HTTP GET headers for authentication so that whitespace following a comma&lt;br/&gt;
is optional (and can be other than a single space if it appears).&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d56d8026ba24983ec907dc6b804ade59b4738ac2&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d56d8026ba24983ec907dc6b804ade59b4738ac2&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="154927" author="tad" created="Mon, 20 Aug 2012 15:43:51 +0000"  >&lt;p&gt;Fixed in master.&lt;/p&gt;</comment>
                            <comment id="154922" author="auto" created="Mon, 20 Aug 2012 15:37:16 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2012-08-20T05:21:59-07:00&apos;, u&apos;email&apos;: u&apos;tad@10gen.com&apos;, u&apos;name&apos;: u&apos;Tad Marshall&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-5890&quot; title=&quot;HTTP Digest authentication doesn&amp;#39;t work with Internet Explorer&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-5890&quot;&gt;&lt;del&gt;SERVER-5890&lt;/del&gt;&lt;/a&gt; do not require space after comma in Digest HTTP header&lt;/p&gt;

&lt;p&gt;Change the regular expression used to parse the Digest line sent in the&lt;br/&gt;
HTTP GET headers for authentication so that whitespace following a comma&lt;br/&gt;
is optional (and can be other than a single space if it appears).&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/d388ca17b0413f7d8d7431e4673de7e6b6eaf444&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/d388ca17b0413f7d8d7431e4673de7e6b6eaf444&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="154824" author="tad" created="Mon, 20 Aug 2012 12:16:57 +0000"  >&lt;p&gt;The Digest line in the HTTP GET headers for Digest authentication sent by Internet Explorer does not contain a space after the comma separating components.  Firefox and Chrome mostly follow a comma with a space, except after &quot;qop=auth&quot;.  The regular expression used by MongoDB requires the space.  This makes the entire string following &quot;username&quot; be treated as the username for Internet Explorer.&lt;/p&gt;

&lt;p&gt;Tested with username=&quot;root&quot;, password=&quot;password&quot;:&lt;/p&gt;

&lt;p&gt;Chrome:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Digest username=&quot;root&quot;, realm=&quot;mongo&quot;, nonce=&quot;abc&quot;, uri=&quot;/&quot;, algorithm=MD5, response=&quot;8aab0c6c3009710e7616877af9befad3&quot;, qop=auth,nc=00000001, cnonce=&quot;fe4c9936c14a0c1e&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;Firefox:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Digest username=&quot;root&quot;, realm=&quot;mongo&quot;, nonce=&quot;abc&quot;, uri=&quot;/&quot;, algorithm=MD5, response=&quot;d8c92f504a6a1d6117068d005f4b86c9&quot;, qop=auth,nc=00000001, cnonce=&quot;72c992c11b4e452a&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;Internet Explorer 9:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Digest username=&quot;root&quot;,realm=&quot;mongo&quot;,nonce=&quot;abc&quot;,uri=&quot;/&quot;,cnonce=&quot;31ce3f19b342bf42113d88384ba4b075&quot;,nc=00000001,algorithm=MD5,response=&quot;bbc113a3a705391060006d2a73249fb2&quot;,qop=&quot;auth&quot;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;

&lt;p&gt;Richard, I suspect that you were fooled by word wrap in your editor.  There is no line break in the line sent by Internet Explorer.&lt;/p&gt;</comment>
                            <comment id="154209" author="richard@10gen.com" created="Thu, 16 Aug 2012 23:37:21 +0000"  >&lt;p&gt;iereq2.txt &amp;#8211; headers that differ only from req.txt in that there&apos;s a newline and a horizontal tab after the token &quot;Digest&quot; in the &quot;Authorization&quot; header. I think these ought to be conforming HTTP headers, but mongod doesn&apos;t like them.&lt;/p&gt;</comment>
                            <comment id="154208" author="richard@10gen.com" created="Thu, 16 Aug 2012 23:36:02 +0000"  >&lt;p&gt;Saw this problem appear with users running IE7 and IE9. It was not possible to get their IE HTTP headers verbatim, but the only interesting difference between Firefox headers and IE headers was a newline in the Authorization header.&lt;/p&gt;

&lt;p&gt;By inspection, taking the headers my Firefox produces and inserting a newline after the &quot;Digest&quot; token suffices to cause authentication to fail. As it happens, the IE-like header text does not conform to RFC 1945 section 4.2, inasmuch as the line beginning with &quot;username&quot; is not indented in the manner that a continuation line should.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.freesoft.org/CIE/RFC/1945/23.htm&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://www.freesoft.org/CIE/RFC/1945/23.htm&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In any case, mongod&apos;s webserver doesn&apos;t handle conforming headers that employ the indentation-as-continuation syntax. (Will attach another set of headers that I think are conforming but that mongod doesn&apos;t parse properly.)&lt;/p&gt;

&lt;p&gt;During these tests, the admin username was &quot;foo&quot;, with password &quot;bar&quot;.&lt;/p&gt;

&lt;p&gt;The offending code is the implementation of mongo::MiniWebServer::MiniWebServer:getHeader() in util/net/miniwebserver.cpp.&lt;/p&gt;</comment>
                            <comment id="154202" author="richard@10gen.com" created="Thu, 16 Aug 2012 23:23:57 +0000"  >&lt;p&gt;req.txt &amp;#8211; HTTP headers as produced by a recent (ca. Aug 16, 2012) Firefox&lt;/p&gt;

&lt;p&gt;iereq.txt &amp;#8211; HTTP headers mangled from the Firefox headers by inserting a newline after the &quot;Digest&quot; token in the &quot;Authorization&quot; header. By inspection, this is the only interesting difference between Firefox headers and IE headers.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="18810" name="iereq.txt" size="521" author="richard.kreuter" created="Thu, 16 Aug 2012 23:23:57 +0000"/>
                            <attachment id="18813" name="iereq2.txt" size="522" author="richard.kreuter" created="Thu, 16 Aug 2012 23:37:21 +0000"/>
                            <attachment id="18811" name="req.txt" size="520" author="richard.kreuter" created="Thu, 16 Aug 2012 23:23:57 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>7.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 16 Aug 2012 23:23:57 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        11 years, 23 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 23 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>eliot</customfieldvalue>
            <customfieldvalue>richard.kreuter</customfieldvalue>
            <customfieldvalue>tad</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hro2f3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrhmhj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>16452</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10166" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Tests Written</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10153"><![CDATA[Unneeded]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht0rsf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>