On Sat, 2005-08-06 at 07:54 -0500, Ben Collins-Sussman wrote:
> The issue here is that the log-fetching is a single HTTP request on
> the parent directory (REPORT). mod_auth_svn says, "ah, anybody can
> read this directory, so I'm not going to ask for authentication at
> all." Then when the log-traversal hits a change that affects the
> restricted area, there's no opportunity to authenticate. The lack of
> authentication is 'permanent' for the whole request, and thus the
> anonymous reader is denied access to the one area.
>
> I can't think of a solution here; there's no way apache can halt in
> the middle of streaming a long response and demand authentication.'d
Right.
You'd need to add some state so that you could do continuations (IE add
a tag saying "continued in next report", end the report, request
authentication, then continue the report)
--Dan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Aug 6 15:54:33 2005