[drupal-devel] [bug] Clean URL test fails if Drupal install uses HTTP auth

Junyor drupal-devel at drupal.org
Sun Mar 27 19:16:22 UTC 2005

Issue status update for http://drupal.org/node/19181

 Project:      Drupal
 Version:      cvs
 Component:    system.module
 Category:     bug reports
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  Junyor
 Updated by:   Junyor
-Status:       active
+Status:       duplicate

Duplicate of http://drupal.org/node/19515.


Previous comments:

March 20, 2005 - 16:08 : Junyor

The new clean URL test[1] in 4.6 causes problems for sites using HTTP
auth.  The call to /system/test through drupal_http_request() fails
because the username/password is unknown to Drupal.
Moshe proposed the following:
we could resolve this by having the user's browser do the check instead
of the server. basically, use an  tag to do the test and instead of just
returning 200 in the response, the server sets a variable indicating
that clean url is OK. so on the first view of admin/settings, everyone
sees disabled ... this is just one of many possible solutions.

[1] http://drupal.org/node/12384


March 20, 2005 - 16:36 : Junyor

I just looked around a little bit to see if there's some way we could
just set a variable via the .htaccess file if mod_rewrite is enabled
and check that, but I didn't see any way to do that.  I suppose Moshe's
solution would work, but we'd need to put a note in the settings page to
reload it if you want to toggle Clean URL support.


March 21, 2005 - 03:55 : Anonymous

See also: another issue of users having problems with the clean URL
check [1]
[1] http://drupal.org/node/16309


March 21, 2005 - 03:59 : Steven

HTTP auth returns a 401 status code right? We can easily check for that,
but I wonder if it will still return 404s for non-existant files.


March 21, 2005 - 10:21 : Junyor

Yes, I believe HTTP auth returns a 401.  But it returns a 401 even if
the file doesn't exist if you're not authenticated.
Could we do a check for a 401 and if that's the return value, give the
user a chance to manually test?  Alternatively, we could just say the
test could not be performed and leave the radio buttons enabled.

More information about the drupal-devel mailing list