Jamie Lokier wrote: > Dan Winship wrote: >> FWIW, 3 out of the big 4 browsers also don't correctly parse multiple >> WWW-Authenticate headers that have been merged into one (even though >> 2617 explicitly points out this possibility). So it might be best to >> just say that intermediaries SHOULD NOT merge headers, except in cases >> where they know it's safe. > > Do they handle unmerged, multiple WWW-Authenticate headers correctly? Yes. This results in Basic auth being performed: WWW-Authenticate: UnknownAuthType realm=Realm1, prop1=value1, prop2=value2 WWW-Authenticate: Basic realm=Realm2 But this does not: WWW-Authenticate: UnknownAuthType realm=Realm1, prop1=value1, prop2=value2, Basic realm=Realm2 -- DanReceived on Wednesday, 20 August 2008 13:55:48 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:37 UTC