Upstream: multiple WWW-Authenticate headers (ticket #485).

When using proxy_intercept_errors and an error page for error 401 (Unauthorized), multiple WWW-Authenticate headers from the upstream server response are now properly copied to the response.
leontian · May 30, 2022 · 87465e0 · 87465e0
1 parent 260f488
commit 87465e0
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
@@ -2647,7 +2647,7 @@ ngx_http_upstream_intercept_errors(ngx_http_request_t *r,
 {
     ngx_int_t                  status;
     ngx_uint_t                 i;
-    ngx_table_elt_t           *h;
+    ngx_table_elt_t           *h, *ho, **ph;
     ngx_http_err_page_t       *err_page;
     ngx_http_core_loc_conf_t  *clcf;
 
@@ -2676,18 +2676,26 @@ ngx_http_upstream_intercept_errors(ngx_http_request_t *r,
             if (status == NGX_HTTP_UNAUTHORIZED
                 && u->headers_in.www_authenticate)
             {
-                h = ngx_list_push(&r->headers_out.headers);
+                h = u->headers_in.www_authenticate;
+                ph = &r->headers_out.www_authenticate;
 
-                if (h == NULL) {
-                    ngx_http_upstream_finalize_request(r, u,
+                while (h) {
+                    ho = ngx_list_push(&r->headers_out.headers);
+
+                    if (ho == NULL) {
+                        ngx_http_upstream_finalize_request(r, u,
                                                NGX_HTTP_INTERNAL_SERVER_ERROR);
-                    return NGX_OK;
-                }
+                        return NGX_OK;
+                    }
+
+                    *ho = *h;
+                    ho->next = NULL;
 
-                *h = *u->headers_in.www_authenticate;
-                h->next = NULL;
+                    *ph = ho;
+                    ph = &ho->next;
 
-                r->headers_out.www_authenticate = h;
+                    h = h->next;
+                }
             }
 
 #if (NGX_HTTP_CACHE)