problem with http_authentication + apache2 + mod_fcgid

Hi,

I'm using the http_authentication plugin, and everything's working fine in my development environment with webrick. However, when I run on my production platform of apache2+mod_fcgid, authenticate_or_request_with_http_basic() always returns false, and (more interestingly) never processes the block. See example below.

Here's my setup: * apache 2.0.55 * libapache2-mod-fcgid 1.07-1 * ruby 1.8.2-1 * libfcgi-ruby1.8 0.8.6-1 * rails 1.2.3 * http_authentication r6836 from http://svn.rubyonrails.org/rails/plugins (hasn't changed since 2006-12-02?)

For an example, in the following test code, the second debug message (with username and password) is never reached.

OK, figured this one out. In case anyone else is interested, here's the deal.

Apache does not, by default, pass authorization headers to CGI scripts. You can read up a bit about this at:   http://wiki.rubyonrails.org/rails/pages/HowtoAuthenticateWithHTTP

Long story short, I had to modify the fcgid RewriteRule and make a small change to the http_authentication code to allow it to recognize REDIRECT_HTTP_AUTHORIZATION. I also applied a change from the Rails edge version of http_authentication.

Patch below:

Index: public/.htaccess