W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Multiple header fields with the same field name - unwritten assumption about quoted commas in values?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 09 Jan 2013 18:40:23 +0100
Message-ID: <50EDAB87.4050400@gmx.de>
To: Alexander Dutton <alexander.dutton@oucs.ox.ac.uk>
CC: ietf-http-wg@w3.org
On 2013-01-09 18:32, Alexander Dutton wrote:
> Also worth noting the WWW-Authenticate header, which takes
> comma-separated values, themselves containing unquoted commas (and so
> breaks the alleged unwritten rule), e.g.:
> WWW-Authenticate: Bearer realm="example.org", error="invalid_token",
> Basic realm="example.org"
> The division between items is the comma-space before a token not
> followed by a comma-space.
> (Yes, I've had fun because of this)
> Yours,
> Alex

Indeed. WWW-Authenticate is as bad as Set-Cookie, just in a different 
way. At least it's *possible* to process properly.

See also <http://greenbytes.de/tech/tc/httpauth/#multidisgscheme>.

Best regards, Julian
Received on Wednesday, 9 January 2013 17:40:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 January 2013 17:40:54 GMT