absolute URI in request to origin servers which are also proxies.

There is an ambiguity brought about by the requirements of RFC2616 to 
require origin servers to support absolute URI in requests (RFC2616 s 
19.6.1.1).

If you consider the case of a proxy which is also an origin server, then 
you get a problem when the proxy receives a request for a URI for which 
the proxy is an origin server, and that request contains an absolute 
URI, and the proxy requires the client to be authenticated.

In such cases, it's impossible to tell whether to send a 
Proxy-Authenticate, or a WWW-Authenticate header in the response, since 
you can't tell from the syntax of the request whether the client 
believes it is talking to a proxy or an origin server.

I've never seen a client send an absoluteURI in a request to an origin 
server, so the obvious solution is to ignore RFC 19.6.1.1, and base the 
decision on the semantics of the request.

However that doesn't seem like a great option if clients are one day 
going to start sending requests to origin servers with absolute URIs.

Should this requirement be deprecated?  Otherwise how should this case 
be handled?  A proxy that can also be an origin server needs to know 
whether the client believes it's talking to a proxy or not for auth and 
other reasons (e.g. default handling of origin-server requests for a 
proxy vs proxy requests).

Regards

Adrien


-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Tuesday, 2 June 2009 02:12:51 UTC
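
The ambiguity described in the message above, as an added example that is not part of the original post or of any product it mentions. It classifies a request line by syntax alone and shows the one case where neither challenge can be chosen; the host name `proxy.example`, the `LOCAL_ORIGINS` set, the `classify` function and the `absolute_means_proxy` policy flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the (host, port) pairs this server is itself the origin for.
LOCAL_ORIGINS = {("proxy.example", 80)}
DEFAULT_PORTS = {"http": 80, "https": 443}

# (role the client appears to address, status, challenge header)
ORIGIN = ("origin", 401, "WWW-Authenticate")
PROXY = ("proxy", 407, "Proxy-Authenticate")
AMBIGUOUS = ("ambiguous", None, None)


def classify(request_line, absolute_means_proxy=False):
    """Pick the auth challenge for an unauthenticated request.

    Only the request line is inspected, which is all the syntax offers.
    absolute_means_proxy is a hypothetical policy switch: when set, an
    absolute URI is always read as "the client thinks I am a proxy".
    """
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":
        return PROXY                      # tunnel requests only go to proxies
    if target.startswith("/"):
        return ORIGIN                     # path-only target: origin request
    parts = urlsplit(target)
    if not (parts.scheme and parts.hostname):
        raise ValueError(f"unsupported request-target: {target!r}")
    port = parts.port or DEFAULT_PORTS.get(parts.scheme.lower())
    if (parts.hostname, port) not in LOCAL_ORIGINS:
        return PROXY                      # absolute URI for someone else
    # Absolute URI naming this server: a proxy client and an origin client
    # sending an absolute URI produce exactly the same request line.
    return PROXY if absolute_means_proxy else AMBIGUOUS


if __name__ == "__main__":
    # Constructed sample request lines.
    for line in ("GET /index.html HTTP/1.1",
                 "GET http://other.example/ HTTP/1.1",
                 "GET http://proxy.example/admin HTTP/1.1"):
        print(f"{line!r:45} -> {classify(line)}")
```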