W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: opaque parameter in the Authorization request header

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 13 Aug 2008 12:15:56 +0200
To: Evgeniy Khramtsov <xramtsov@gmail.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1218622556.25284.22.camel@henriknordstrom.net>
On ons, 2008-08-13 at 18:57 +1000, Evgeniy Khramtsov wrote:

> Currently I'm a spectator of a situation when a client doesn't include 
> an "opaque" field in the "Authorization" header and a server replies 
> with 400 "Authorization should contain opaque". Actually, I don't know 
> who is right: a client or a server?

The way I read it the server is right.

The language isn't fully formal, but it does say should (3.2.1) and
required (3.3), which means a client not returning the opaque is clearly
broken.

And with opaque included in the earlier RFC2069 specifications with
nearly the same language there really is no excuse for not returning
it..

Regards
Henrik

Received on Wednesday, 13 August 2008 10:16:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:54 GMT