- From: Sylvain Hellegouarch <sh@defuze.org>
- Date: Thu, 12 Nov 2009 20:25:41 +0100
- To: Thomas Broyer <t.broyer@gmail.com>
- CC: Henrik Nordstrom <henrik@henriknordstrom.net>, Nicolas Alvarez <nicolas.alvarez@gmail.com>, ietf-http-wg@w3.org
Thomas Broyer wrote:
> On Wed, Nov 11, 2009 at 11:52 PM, Henrik Nordstrom wrote:
>
>> What is unspecified is how the user agent should behave if none of the
>> provided challenges is understood. It seems to me that most user agents
>> then fall back on basic auth with unspecified realm which imho is not a
>> bad thing to do. Both unlikely to be accepted by the server AND exposing
>> password details in the plain for no good value, better to abort the
>> request with an error.
>
> All user agents I tested just displayed the response entity, except
> Opera pre-10 which displayed an error page about the auth scheme not
> being recognized:
> http://hg.ltgt.net/http-cookie-auth/raw-file/tip/ua-compat.html

Based on the context in which this scheme would be used (meaning I assume mostly along with Ajax), I guess this shouldn't be much of a problem anyway.

- Sylvain

Received on Thursday, 12 November 2009 19:26:18 UTC