Several responses in the same page

[rsertelon]

Hi,

I'm using mod_auth_openid 0.6 (this is the newest version on Gentoo's portage).

I have an openid provider over HTTP (without SSL)

I have restricted the access to a HTTPS website with mod_auth_openid.

When I access my restricted website, Chrome shows a strange page. It consists in a 200 OK response followed by a 302 one (with a Location pointing to what seems to be the call to the provider).

Then it hangs. It seems not to happen with Firefox. Is it a Chrome related problem, or is Firefox less strict and can understand the bizarre response coming from Apache?

Thanks for your help!

[rsertelon]

Here is the response (I've cleared long redirect link ;) ):

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache Server at [...] Port 443</address>
</body></html>
HTTP/1.1 302 Found
Date: Fri, 28 Sep 2012 14:06:15 GMT
Server: Apache
Location: http://openid.bluepyth.fr/?openid.assoc_handle=[...]
Content-Length: 749
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://openid.bluepyth.fr/?openid[...]">here</a>.</p>
<hr>
<address>Apache Server at [...] Port 443</address>
</body></html>

It seems that the 200 request is sent before mod_auth_openid does its job. Then the module does its job, and sends a 302 response.