W3C home > Mailing lists > Public > www-talk@w3.org > November to December 2008

Re: a question about WWW-Authenticate header

From: Manlio Perillo <manlio.perillo@gmail.com>
Date: Sun, 21 Dec 2008 17:19:31 +0100
Message-ID: <494E6C93.5000501@gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
CC: www-talk@w3.org

Julian Reschke ha scritto:
> Manlio Perillo wrote:
>> Julian Reschke ha scritto:
>>> Manlio Perillo wrote:
>>>> Hi.
>>>>
>>>> What is the "correct" behaviour for an HTTP user agent, when it 
>>>> process a WWW-Authenticate header containing unsupported challenge?
>>>
> [...]
> 
> I think Opera should display it, although I agree there's no clear 
> language in RFC2616/2617 requiring it to do so.
> 
> Out of curiosity, does the situation change when the response uses 
> text/html?
> 

It's the same, Opera does not display it.


Right now, I'm returning a 401 Unauthorized response, *without* the 
WWW-Authenticate header (in violation of the HTTP 1.1 specification), 
and all browsers display the response body.


>  > ...
> 
> BR, Julian
> 


Manlio Perillo
Received on Sunday, 21 December 2008 16:20:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:29 GMT