Re: Multiple header fields with the same field name - unwritten assumption about quoted commas in values?

On 2013-01-09 18:32, Alexander Dutton wrote:
> Also worth noting the WWW-Authenticate header, which takes
> comma-separated values, themselves containing unquoted commas (and so
> breaks the alleged unwritten rule), e.g.:
>
> WWW-Authenticate: Bearer realm="example.org", error="invalid_token",
> Basic realm="example.org"
>
> The division between items is the comma-space before a token not
> followed by a comma-space.
>
> (Yes, I've had fun because of this)
>
> Yours,
>
> Alex

Indeed. WWW-Authenticate is as bad as Set-Cookie, just in a different 
way. At least it's *possible* to process properly.

See also <http://greenbytes.de/tech/tc/httpauth/#multidisgscheme>.

Best regards, Julian

Received on Wednesday, 9 January 2013 17:40:52 UTC