W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2007

Re: WWW-Authenticate, Authorization and 401's

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 17 Aug 2007 11:49:00 +0200
Message-Id: <9E1FFFDB-A3D8-4854-AFA2-3E007EDC3E5B@greenbytes.de>
Cc: Mark Nottingham <mnot@mnot.net>, Hugo Haas <hugo@yahoo-inc.com>, ietf-http-wg@w3.org
To: Julian Reschke <julian.reschke@gmx.de>


Am 17.08.2007 um 11:30 schrieb Julian Reschke:
> - force servers not to return a 401 at all.
>
> I think the latter would be bad: in this case I'd prefer a 401 over  
> a 400 or (gasp!) a 200.

Well, sending WWW-Authenticate along with 401 is a MUST. So, how  
would a server send a 401 *without*
  complying to the basic framework Mark is talking about?

//Stefan

--
Stefan Eissing

<green/>bytes GmbH
Hafenweg 16
D-48155 Münster
Germany
Amtsgericht Münster: HRB5782
Received on Friday, 17 August 2007 09:49:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:15 GMT