W3C home > Mailing lists > Public > xproc-dev@w3.org > December 2010

RE: p:http-request and HTTP re-directs

From: Philip Fennell <Philip.Fennell@marklogic.com>
Date: Sun, 12 Dec 2010 22:48:45 -0800
To: Florent Georges <fgeorges@fgeorges.org>
CC: XProc Dev <xproc-dev@w3.org>
Message-ID: <D20C296D14127D4EBD176AD949D8A75A4734D65C@EXCHG-BE.marklogic.com>
Florent,

> whether a client should send the authentication infos when following a 301 (sounds dangerous to me

Now you come to mention it, you might be right.

> Maybe a HTTP tool to dump the requests could help here.

Although I know the username/password is correct it wouldn't do any harm to check.


Many thanks

Philip


-----Original Message-----
From: fgeorges@gmail.com [mailto:fgeorges@gmail.com] On Behalf Of Florent Georges
Sent: 10 December, 2010 7:01 PM
To: Philip Fennell
Cc: XProc Dev
Subject: Re: p:http-request and HTTP re-directs

On 10 December 2010 16:50, Philip Fennell wrote:

  Hi,

> and the response from the service a 301 redirect why would I
> get a 401 response from the service I was redirected to? After
> all, I have provided the username/password for that service.

  Interesting.  I don't have the answer for this particular case,
unfortunately, but I am interested in the case.  This is unclear
to me (from both the HTTP 1.1 and HTTP Authentication RFCs)
whether a client should send the authentication infos when
following a 301 (sounds dangerous to me, in particular with the
Basic scheme).  But I don't have the definitive answer here, I am
not a HTTP expert...

  Second, are you sure Calabash does not send the authentication
infos when following the redirect?  I mean, maybe it does but the
target server does respond 401 because the credentials are not
valid (401 is returned both when there is no credentials at all
and when they are incorrect).  Maybe a HTTP tool to dump the
requests could help here.

  Regards,

-- 
Florent Georges
http://fgeorges.org/
Received on Monday, 13 December 2010 06:49:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 13 December 2010 06:49:16 GMT