W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2008

Re: opaque parameter in the Authorization request header

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Wed, 13 Aug 2008 12:15:56 +0200
To: Evgeniy Khramtsov <xramtsov@gmail.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1218622556.25284.22.camel@henriknordstrom.net>
On ons, 2008-08-13 at 18:57 +1000, Evgeniy Khramtsov wrote:

> Currently I'm a spectator of a situation when a client doesn't include 
> an "opaque" field in the "Authorization" header and a server replies 
> with 400 "Authorization should contain opaque". Actually, I don't know 
> who is right: a client or a server?

The way I read it the server is right.

The language isn't fully formal, but it does say should (3.2.1) and
required (3.3), which means a client not returning the opaque is clearly

And with opaque included in the earlier RFC2069 specifications with
nearly the same language there really is no excuse for not returning


Received on Wednesday, 13 August 2008 10:16:36 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:17 UTC