W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: Set-Cookie vs list header parsing (i129)

From: Jamie Lokier <jamie@shareable.org>
Date: Wed, 20 Aug 2008 14:04:38 +0100
To: Dan Winship <dan.winship@gmail.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
Message-ID: <20080820130438.GA1501@shareable.org>

Dan Winship wrote:
> FWIW, 3 out of the big 4 browsers also don't correctly parse multiple
> WWW-Authenticate headers that have been merged into one (even though
> 2617 explicitly points out this possibility). So it might be best to
> just say that intermediaries SHOULD NOT merge headers, except in cases
> where they know it's safe.

Do they handle unmerged, multiple WWW-Authenticate headers correctly?

-- Jamie
Received on Wednesday, 20 August 2008 13:05:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:54 GMT