- From: Adrien de Croy <adrien@qbik.com>
- Date: Mon, 16 Jun 2008 11:27:28 +1200
- To: HTTP Working Group <ietf-http-wg@w3.org>
Hi all.
I've been looking through RFC2617 to try and track down some issues with
basic auth to our proxy.
The specification makes it a requirement that any auth challenge must
include at least one auth param.
challenge = auth-scheme 1*SP 1#auth-param
In the case of Basic, the realm parameter is required.
The description of this realm parameter is confusing, especially when
considering a proxy. Commonly a proxy will want a realm that means
"everywhere". How should one specify this? Would it be
realm="/"
realm="*"
or what? From 2617 s1.2
"The realm directive (case-insensitive) is required for all
authentication schemes that issue a challenge. The realm value
(case-sensitive), in combination with the canonical root URL (the
absoluteURI for the server whose abs_path is empty; see section 5.1.2 of
[2]) of the server being accessed, defines the protection space."
This talks about an origin server. It doesn't make sense for a proxy.
Realm seems to only be usable within a single server space. Do clients
commonly deem the server in this case to be the proxy?
Browsers seem to behave differently in regard to when they will
automatically re-present the same proxy credentials.
Regards
Adrien
--
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Sunday, 15 June 2008 23:26:31 UTC
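
Added example, not part of the original message or of any proxy's code: a parser for the `challenge` grammar quoted above that enforces the required realm directive, plus a credential-cache key built from the protection-space definition in RFC 2617 s1.2. The function names, the sample header values, and the choice to key 407 challenges on the proxy's host:port are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# token / quoted-string as in RFC 2616 s2.2 (list parsing simplified: no empty elements)
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*(?:,|$)")

def parse_challenge(value):
    """Parse one challenge = auth-scheme 1*SP 1#auth-param; return (scheme, params)."""
    m = re.match(rf"\s*({TOKEN})(?: +|$)", value)
    if not m:
        raise ValueError("missing auth-scheme")
    scheme, rest, params, pos = m.group(1), value[m.end():], {}, 0
    while pos < len(rest):
        p = PARAM.match(rest, pos)
        if not p:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, val = p.group(1).lower(), p.group(2)  # directive names are case-insensitive
        if val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # strip quotes, undo quoted-pair
        params[name] = val  # realm value stays case-sensitive and opaque
        pos = p.end()
    if not params:
        raise ValueError("1#auth-param: at least one auth-param is required")
    if "realm" not in params:
        raise ValueError("realm directive is required")
    return scheme, params

def protection_space(request_url, realm, proxy=None):
    """Credential-cache key. For 401 it is the canonical root URL plus realm
    (RFC 2617 s1.2). The quoted text only covers an origin server; keying a
    407 on the proxy's host:port is an ASSUMPTION made for this example."""
    if proxy is not None:
        return ("proxy", proxy.lower(), realm)
    u = urlsplit(request_url)
    port = u.port or {"http": 80, "https": 443}[u.scheme]
    return ("origin", f"{u.scheme}://{u.hostname}:{port}", realm)

if __name__ == "__main__":
    # Constructed sample header values, not taken from the post.
    for hdr in ('Basic realm="WallyWorld"', 'Basic realm="*"', "Basic"):
        try:
            print(hdr, "->", parse_challenge(hdr))
        except ValueError as e:
            print(hdr, "-> rejected:", e)
```

The parser accepts `realm="*"` and `realm="/"` like any other quoted-string; the grammar gives neither value a wildcard meaning.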