- From: Brian Smith <brian@briansmith.org>
- Date: Thu, 28 Aug 2008 10:08:09 -0500
- To: "'Dan Winship'" <dan.winship@gmail.com>, "'Julian Reschke'" <julian.reschke@gmx.de>
- Cc: <ietf-http-wg@w3.org>
Dan Winship wrote: > Julian Reschke wrote: > > I don't think that changing things just because some > > implementations get them wrong is on our agenda. > > I didn't mean to suggest actually changing the header merging rules. > Maybe I should have said "proxies should not merge" rather > than "proxies SHOULD NOT merge". Advice, not requirements. IMO, that is not much different. "SHOULD" is only used for advise; by definition it means the same thing as "RECOMMENDED." > Basically, we know that multiple implementations get this > section wrong in different ways (the cookie spec, the > WWW-Authenticate bugs, the ignoring-multiple-header bugs > Brian mentioned), so this is a really good place to "be > conservative in what you send" (meaning multiples of > Set-Cookie, WWW-Authenticate, and Proxy-Authenticate, and no > multiples of anything else). I agree 100%. Dan, you mentioned 3 of the top 4 browsers cannot handle a merged WWW-Authenticate. Which one got it right? Thanks, Brian
Received on Thursday, 28 August 2008 15:08:43 UTC