Reply to comment

While we appreciate comments from our users, please follow our posting guidelines. Have you tried the Cyotek Forums for support from Cyotek and the community?

Styling with Markdown is supported

Original Comment

Gravatar

dregad

# Reply

This problem was reported here https://mantisbt.org/bugs/view.php?id=26365 and I only recently took notice.

I believe that a more appropriate fix would be to add CGIPassAuth On to the .htaccess file instead of the SetEnvIf directive you suggested, and the Issue's reporter just confirmed that it does address the issue.

This will be fixed in the next release of MantisBT (2.25.8).

Gravatar

Richard Moss

# Reply

Hello,

Thanks for taking the time to comment, and for addressing this in MantisBT! itself.

I just tested this myself, unfortunately I wasn't successful - first I commented out the line I added all those years ago and verified that it went back to the 401 behaviour. Next I added the new line you recommended - unfortunately this appears to be causing a crash somewhere as I get a 500 error response instead. I was using a GUI tool that doesn't provide any more context so I'll need to dig further to see if there is to any clue as to why. Current version I'm using 2.25.6, but off the top of my head I don't recall the PHP version.

Regards; Richard Moss

Gravatar

Richard Moss

# Reply

Hello,

To follow up from my original comment, as noted this doesn't work with whatever configuration issues.cyotek.com uses, the log files show

[core:alert] <path>/api/rest/.htaccess: Invalid command 'CGIPassAuth', perhaps misspelled or defined by a module not included in the server configuration

So I guess there is something missing in the hosting config that doesn't allow this particular setting, still haven't a real clue on Apache or nginx. However, it does suggest that it may not be one-size-fits-all fix for any other affected users, possibly unlike the SetEnvIf directive.

Not sure if you'll get these replies, I think I have an account on Mantis as I logged some other issues with the REST API a few years ago so I will try and comment there.

Regards;
Richard Moss