- From: Jan Algermissen <jan.algermissen@nordsc.com>
- Date: Tue, 16 Apr 2013 13:55:07 +0200
- To: ietf-http-wg@w3.org
Hi, I was wondering whether there can be multiple Authorization headers in an HTTP request. AFAIU does not address the question, so I turned to [2] which suggests that there can only be one Authorization header per request. Because Authorization does not have a list value format. Is that interpretation correct? I am wondering because I understand [1] to say that WWW-Authenticate can indeed be used multiple times. However, WWW-Authenticate also does not have a list value format but is also not listed as an exception in [2], as is Set-Cookie. Can anyone clarify? Jan [1] http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-22 [2] http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-3.2.2
Received on Tuesday, 16 April 2013 11:55:33 UTC