W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: [#177] Realm required on challenges

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 07 Jul 2009 21:11:01 +1200
Message-ID: <4A531125.8060203@qbik.com>
To: Thomas Broyer <t.broyer@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>

Thomas Broyer wrote:
> On Tue, Jul 7, 2009 at 10:28 AM, Adrien de Croy wrote:
>> I question the validity of requiring that realm be a parameter of every
>> (even new) scheme that has a challenge.
>> I've never seen a browser use the realm for anything other than a label in a
>> dialog box either.
> Plain wrong!
> See http://ltgt.net/tests/http-auth-realm/
OK. Glad to be wrong on that count.

One thing, since most of my experience is associated with proxies.  What 
is the realm supposed to be set for when authenticating to a proxy that 
uses the same credentials for all sites.



> I tested it in IE8, Firefox 3.5, Opera 9.64, Safari 4 and Chrome
> (Dev channel), all on Windows.
> Only Chrome fails the test and do not ask for your credentials when
> going from Foo to Bar the first time; all others take the realm into
> account when storing the credentials for use in subsequent requests;
> realm is not just a label in a dialog box.

Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 7 July 2009 09:08:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:50 UTC