Open delian opened 9 years ago
I would like this to be merged, just found the same issue, and the fix works.
Can we get this merged. Thanks.
I ran into the same issue and the fix looks good. Can this be merged? Thank you!
This is still an issue 4 years later :(
Is there a reason this change has not been merged?
Hello, I am proposing a little fix that adds req.baseUrl to the req.url to creds.uri checkup and this way allows the passport-http digest authentication to work fine with Express4 and 5 and especially with the relative urls it introduces.
If you build default project with Express4, you cannot simply add passport-http digest authentication to a sand-boxed route file, because digest.js verify req.uri to creds.uri. But req.uri is always relative while creds.uri is always full. Therefore the correct comparison is req.baseUrl+req.url == creds.uri.
This fix is quite simple and works very well to me, while it shall preserve compatibility with the old express versions.
Signed-off-by: Delian Delchev delian.delchev@gmail.com