- From: Daniel Stenberg <daniel@haxx.se>
- Date: Thu, 2 Mar 2023 17:20:13 +0100 (CET)
- To: "Soni L." <fakedme+http@gmail.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 2 Mar 2023, Soni L. wrote: > Is it forbidden to send WWW-Authenticate with 200 and 304 responses? "A server MAY generate a WWW-Authenticate header field in other response messages to indicate that supplying credentials (or different credentials) might affect the response." (RFC 9110 section 11.6.1) > Could it cause any compatibility issues? Possibly. I don't think it is widely used outside of 401s. I don't think you can know for sure until you test it. -- / daniel.haxx.se
Received on Thursday, 2 March 2023 16:20:27 UTC