W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: best status code for bad auth method

From: Adrien de Croy <adrien@qbik.com>
Date: Fri, 09 Dec 2011 15:09:22 +1300
Message-ID: <4EE16DD2.50205@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>

407 also implicitly says try again, whereas 403 says don't... so I'm 
leaning towards the 403.

I guess the number of web browsers this will affect is about 0... so 
only un-manned applications will see this

regards

Adrien



On 9/12/2011 3:03 p.m., Adrien de Croy wrote:
>
> that was my initial though too, but in this case we'd already sent a 
> 407 with advertised methods, so the client already got it wrong once...
>
> Regards
>
> Adrien
>
>
> On 9/12/2011 3:02 p.m., Mark Nottingham wrote:
>> I think that'd be a 407; this basically says "here is the list of 
>> accepted auth methods" and the client can put two and two together...
>>
>> Cheers,
>>
>>
>> On 09/12/2011, at 12:57 PM, Adrien de Croy wrote:
>>
>>> Hi all
>>>
>>> hopefully a quick question...
>>>
>>> what is the best response code for a proxy that receives a request 
>>> with a Proxy-Authorization header that specifies a method that is 
>>> not acceptable to the proxy?
>>>
>>> another 407?
>>> 403?  We don't want the client to repeat the request as is...
>>>
>>> or do we need a new status code for "auth method not allowed".
>>>
>>> Regards
>>>
>>> Adrien de Croy
>>>
>>> -- 
>>> Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
>>> WinGate 7 is released! - http://www.wingate.com/getlatest/
>>>
>>>
>> -- 
>> Mark Nottingham   http://www.mnot.net/
>>
>>
>>
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
WinGate 7 is released! - http://www.wingate.com/getlatest/
Received on Friday, 9 December 2011 02:09:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:50 GMT