[nginx] Auth request: fixed prefix variables handling.

[Maxim Dounin]

details:   http://freenginx.org/hg/nginx/rev/bb638269f1e3
branches:  
changeset: 9552:bb638269f1e3
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Mon Jun 08 17:53:35 2026 +0300
description:
Auth request: fixed prefix variables handling.

Previously, auth_request_set did not use the NGX_HTTP_VAR_WEAK flag,
and using auth_request_set with a prefix variable anywhere in the
configuration resulted in an empty value of the variable in other
contexts.  For example, in the following configuration the $http_foo
variable was always empty in requests to "/", even if the "Foo" header
was present in requests:

    location / {
        return 200 $http_foo;
    }

    location /protected/ {
        auth_request /auth;
        auth_request_set $http_foo "set";
        ...
    }

The fix is to use the NGX_HTTP_VAR_WEAK flag, much like the "set"
directive does.

diffstat:

 src/http/modules/ngx_http_auth_request_module.c |  3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diffs (13 lines):

diff --git a/src/http/modules/ngx_http_auth_request_module.c b/src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c
+++ b/src/http/modules/ngx_http_auth_request_module.c
@@ -419,7 +419,8 @@ ngx_http_auth_request_set(ngx_conf_t *cf
         return NGX_CONF_ERROR;
     }
 
-    v = ngx_http_add_variable(cf, &value[1], NGX_HTTP_VAR_CHANGEABLE);
+    v = ngx_http_add_variable(cf, &value[1],
+                              NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_WEAK);
     if (v == NULL) {
         return NGX_CONF_ERROR;
     }