- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 16 Feb 2012 18:44:00 +0100
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: ietf-http-wg@w3.org
On Thu, Feb 16, 2012 at 03:36:47PM +0100, Nicolas Mailhot wrote: > Hi, > > Now that browsers have started refusing redirection of https sessions, there > is no clean way for a proxy to point browsers to an https authentication > portal when they need to be authenticated or re-authenticated. > > The 407 error must be extended to indicate the https proxy authentication > portal location to handle the cases where it is not desirable to have proxy > auth transmitted in clear, and clients are too dumb to support anything more > complex than basic auth over http or https. > > (the other ???solution??? is DPI, but that's not really appealing except to proxy > aplicance manufacturers) Well, this is one more reason for urging all browser vendors to support proxying over https. This will put an end to this redirection madness which prevents most HTTP agents from working in such environments (eg: firefox cannot even update itself at a customer's due to such proxies, so everyone uses outdated versions until they decide to download the full image again). Regards, Willy
Received on Thursday, 16 February 2012 17:44:32 UTC