Home/ Questions/Q 802171
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T23:33:35+00:00

I have a RESTful API set up and working with CakePHP using mapResources() and

  • 0

I have a RESTful API set up and working with CakePHP using mapResources() and parseExtensions(). Authentication is handled by CakePHP’s security component using HTTP Digest Authentication.

Everything works fine, unless I add parameters to the url, in the form:

http://example.com/locations.xml?distance=4

Which causes the authentication to always fail. Any ideas?

Edit:
This seems to be an issue with the regex in parseDigestAuthData(). There’s a semi-fix here: http://old.nabble.com/paginator-conflicts-with-Security-%3ErequireLogin—td16301573.html which now allows me to use the format:

http://example.com/locations/index/distance:4/.xml

But that’s not RESTful and doesn’t look all that pretty. Still, getting closer!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Solved:

    /cake/libs/controller/components/security.php:386

    change

    preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $digest, $match, PREG_SET_ORDER);

    to

    preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./?&\_-]+)\2@', $digest, $match, PREG_SET_ORDER);

    Parameters can now be passed in the form /locations.xml?key=value with Digest Authentication enabled.

    • 0