W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Multiple challenges in a single WWW-Authenticate header field

From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 4 Dec 2009 08:38:18 +0100 (CET)
To: Eran Hammer-Lahav <eran@hueniverse.com>
cc: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <alpine.DEB.2.00.0912040831430.31347@tvnag.unkk.fr>
On Thu, 3 Dec 2009, Eran Hammer-Lahav wrote:

> WWW-Autenticate: Basic realm="X1", Digest realm="X1", 
> domain="http://example.com", Basic realm="X2"

I'm hijacking this thread slightly, but I'm still talking a related matter:

Reading this line it made me think. Is there actually any common servers or 
proxies "out there" that merge WWW-Autenticate: or Proxy-Autenticate: headers 
to even provide more than one authenticate method in the same header line? (I 
mean, yes it is allowed and all but does it actually happen in real life?) Or 
of course, like the above example showing *the same* auth method with 
different realms!

I just now checked the libcurl code and that doesn't support "merged" 
Autenticate: headers at all and yet I've never seen anyone report a problem 
with this!


  / daniel.haxx.se
Received on Friday, 4 December 2009 07:38:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:52 UTC