- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 16 Apr 2013 14:05:41 +0200
- To: Jan Algermissen <jan.algermissen@nordsc.com>
- CC: ietf-http-wg@w3.org
On 2013-04-16 13:55, Jan Algermissen wrote: > Hi, > > I was wondering whether there can be multiple Authorization headers in an HTTP request. > > AFAIU does not address the question, so I turned to [2] which suggests that there can only be one Authorization header per request. Because Authorization does not have a list value format. > > Is that interpretation correct? > > I am wondering because I understand [1] to say that WWW-Authenticate can indeed be used multiple times. However, WWW-Authenticate also does not have a list value format but is also not listed as an exception in [2], as is Set-Cookie. > > Can anyone clarify? > ... WWW-Authenticate *does* use the list format, so yes, it can be repeated. And no, Authorization does not. Best regards, Julian
Received on Tuesday, 16 April 2013 12:06:12 UTC