Proxy Auth??? from Paul Leach on 1998-08-07 (ietf-http-wg@w3.org from July to September 1998)

From: Paul Leach <paulle@microsoft.com>
Date: Thu, 6 Aug 1998 23:48:16 -0700
To: http-wg@hplb.hpl.hp.com
Message-Id: <CB6657D3A5E0D111A97700805FFE65875D7429@red-msg-51.dns.microsoft.com>

Is Proxy-Authorization only sent after 407, or can it also be sent after
401? Section 3.6 (entitled Proxy-Authentication and Proxy-Authorization)
says that:
 
Upon receiving a request which requires authentication, the proxy/server
must issue the "HTTP/1.1 401 Unauthorized " response with a
"Proxy-Authenticate" header.

Section 1.2 says:

The 401 (Unauthorized) response message is used by an origin server to
challenge the authorization of a user agent. This response MUST include a
WWW-Authenticate header field containing at least one challenge applicable
to the requested resource. The 407 (Proxy Authentication Required) response
message is used by a proxy to challenge the authorization of a client and
MUST include a Proxy-Authenticate header field containing a challenge
applicable to the proxy for the requested resource.

Received on Thursday, 6 August 1998 23:49:57 UTC