- From: Jamie Lokier <jamie@shareable.org>
- Date: Tue, 30 Mar 2010 00:22:08 +0100
- To: Henrik Nordström <henrik@henriknordstrom.net>
- Cc: Greg Wilkins <gregw@webtide.com>, ietf-http-wg@w3.org
Henrik Nordström wrote: > sön 2010-03-28 klockan 15:20 +0100 skrev Jamie Lokier: > > > > With certain types (Microsoft) of authentication > > You forgot to add "which is not true HTTP authentication schemes". That > family of auth schemes makes many assumptions which is opposite the > intentions of the HTTP specifications so using them as an example when > trying to understand the wording of the specification text is not valid. > > Still interesting when talking about what should be said as they are a > reality and something HTTP has to deal with today, but not when trying > to understand why RFC2616 is written in a certain manner. Agreed, Microsoft's version is not standard HTTP. Regardless of why, it's important to recognise that clients have the option to send the whole request body if they decide to, despite one possible reading of that section of RFC2616 that they must abort. -- Jamie
Received on Monday, 29 March 2010 23:22:39 UTC