Adam
2009-Jul-28 22:53 UTC
HTTP Digest authentication raises exception if the nonce is missing.
The HTTP Digest authentication will raise an exception, and return a 500, if the client fails to include a nonce key/value in the Authorization header value. Rather than raising an exception, it should simply return 401. This also happens if the client specifies Basic authentication credentials. Again, it should return 401 rather than 500. Patch here: https://rails.lighthouseapp.com/projects/8994/tickets/2968-http-digest-authentication-raise-an-exception-if-the-client-fails-to-include-a-nonce . Tests included.
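
The behaviour the ticket asks for, as an added Ruby example that is not the Rails code or the linked patch: an Authorization header with a missing nonce, or one carrying Basic credentials, is treated as a failed authentication (401) instead of being allowed to raise. The helper names (`parse_digest_header`, `digest_auth_status`), the in-memory user table and the RFC 2617 MD5 calculation are assumptions for illustration; checking that the nonce was issued by the server and is still fresh is left out.

```ruby
require "digest/md5"

# Parameters a Digest credential must carry before any hashing is attempted.
REQUIRED_DIGEST_KEYS = %w[username realm nonce uri response].freeze

# Parse an Authorization header value into a hash of Digest parameters.
# Returns nil for anything that is not a Digest credential (e.g. Basic, nil).
def parse_digest_header(header)
  scheme, params = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Digest") && params
  params.scan(/(\w+)=(?:"([^"]*)"|([^\s,]+))/).each_with_object({}) do |(k, quoted, bare), h|
    h[k.downcase] = quoted || bare
  end
end

# RFC 2617 response value, with and without qop=auth.
def expected_response(creds, http_method, password)
  ha1 = Digest::MD5.hexdigest([creds["username"], creds["realm"], password].join(":"))
  ha2 = Digest::MD5.hexdigest([http_method, creds["uri"]].join(":"))
  parts = if creds["qop"] == "auth"
            [ha1, creds["nonce"], creds["nc"], creds["cnonce"], "auth", ha2]
          else
            [ha1, creds["nonce"], ha2]
          end
  Digest::MD5.hexdigest(parts.join(":"))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Decide the HTTP status. Malformed or incomplete credentials are an
# authentication failure (401), never an unhandled exception (500).
# `passwords` is a constructed username => password table (assumption).
def digest_auth_status(header, http_method, realm, passwords)
  creds = parse_digest_header(header)
  return 401 if creds.nil?
  return 401 unless REQUIRED_DIGEST_KEYS.all? { |k| creds[k] && !creds[k].empty? }
  password = passwords[creds["username"]]
  return 401 if password.nil? || creds["realm"] != realm
  secure_compare(expected_response(creds, http_method, password), creds["response"]) ? 200 : 401
end
```
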