Dan Winship wrote: > Julian Reschke wrote: > > I don't think that changing things just because some > > implementations get them wrong is on our agenda. > > I didn't mean to suggest actually changing the header merging rules. > Maybe I should have said "proxies should not merge" rather > than "proxies SHOULD NOT merge". Advice, not requirements. IMO, that is not much different. "SHOULD" is only used for advise; by definition it means the same thing as "RECOMMENDED." > Basically, we know that multiple implementations get this > section wrong in different ways (the cookie spec, the > WWW-Authenticate bugs, the ignoring-multiple-header bugs > Brian mentioned), so this is a really good place to "be > conservative in what you send" (meaning multiples of > Set-Cookie, WWW-Authenticate, and Proxy-Authenticate, and no > multiples of anything else). I agree 100%. Dan, you mentioned 3 of the top 4 browsers cannot handle a merged WWW-Authenticate. Which one got it right? Thanks, BrianReceived on Thursday, 28 August 2008 15:08:43 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:37 UTC