- From: Daniel Stenberg <daniel@haxx.se>
- Date: Fri, 9 Dec 2011 08:47:56 +0100 (CET)
- To: Adrien de Croy <adrien@qbik.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>

On Fri, 9 Dec 2011, Adrien de Croy wrote:

> 407 also implicitly says try again, whereas 403 says don't... so I'm leaning
> towards the 403.
>
> I guess the number of web browsers this will affect is about 0... so only
> un-manned applications will see this

Surely 407 is already in wide use for this? I would expect many proxies to just not care about non-supported auth methods and since it didn't find a correct auth header, it would respond with a 407.

And in regards to it saying the client should try again, I consider it similar to sending an auth header with bad credentials compared to no credentials. The client must know what it did before when it gets a 407 back, and then change it accordingly before it tries again.

--
 / daniel.haxx.se

Received on Friday, 9 December 2011 07:48:39 UTC