W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: Proposal: 3xx (Unauthorized, See Other) status

From: Thomas Broyer <t.broyer@gmail.com>
Date: Sun, 1 Feb 2009 11:25:54 +0100
Message-ID: <a9699fd20902010225h29b09c9byc7f3b58214829afe@mail.gmail.com>
To: ietf-http-wg@w3.org

Hi Mark,

On Fri, Jan 23, 2009 at 1:25 AM, Mark Nottingham wrote:
> We're not chartered to do extension work, but you can certainly use the
> mailing list for review and discussion.
> BTW, this sounds a little bit like a previous discussion;
>  http://www.w3.org/mid/76F49FF4-54D7-4917-85A3-A0D648E57C7E@mnot.net

Thanks for the pointer!

For those interested, I conducted some tests on 5 browsers (IE7,
Safari 3.2.1, Opera 9.63, Firefox 3.0.5 and Chrome; all on
Windows Vista). The tests were done with *.asis files served first
with Apache mod_asis (to ensure proper HTTP) and then with a dummy
HTTP server [1] (to ensure no transformation on response headers).
Results were identical whichever the serving method. Here they are:

No browser ever redirected to the given location (which is probably a
good thing). Given the use of WWW-Authenticate / Cookie, Opera showed
an error page. I also tried with a 401 without WWW-Authenticate in
Opera, and it then displayed the returned entity, just like the other

Only Safari honors the redirect, others just display the response as
if it had been sent with a 200 status.

Same as above (note that Opera doesn't choke on the WWW-Authenticate
as it's not sent in a 401)

This tends to suggest that a 401 (or 407, or eventually 403 or 402, in
the case you reported two years ago) with a custom WWW-Authenticate
(or no WWW-Authenticate at all?) would be the solution with best
compatibility among existing browsers (I didn't tried other UAs, such
as wget); with a Refresh response header, "meta refresh" in the HTML
body and/or javascript if you want/need to redirect.

[1] http://hg.ltgt.net/http-cookie-auth/raw-file/tip/tests/asis.py

Thomas Broyer
Received on Sunday, 1 February 2009 10:26:31 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:32 UTC