- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 30 Oct 2013 16:31:11 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: ietf-http-wg@w3.org
On 2013-10-30 16:13, Bjoern Hoehrmann wrote: > * Julian Reschke wrote: >> On 2013-10-30 15:40, Bjoern Hoehrmann wrote: >>> The intent may have been to emphasise that having only one challenge per >>> WWW-Authenticate header does not mean no special care has to be taken. I >>> agree that it can be confusing; replacing the sub clause by "and" should >>> be fine. >> >> Not sure what your proposal is. > > s/if more than one WWW-Authenticate header field is provided/and/ would > be a minimal solution that addresses the problem. > >> How about: >> >> "User agents are advised to take special care in parsing the >> WWW-Authenticate header field, as each field value can contain more than >> one challenge, and the header field itself can occur multiple times. >> Furthermore, the contents of a single challenge can contain a >> comma-separated list of authentication parameters." > > That would also work, but editorially it would be better to keep the two > comma cases together (comma separates challenges; comma separates para- > meters in challenges; then mention multiple headers). Yup. "User agents are advised to take special care in parsing the WWW-Authenticate header field, as each field value can contain more than one challenge, and each challenge can contain a comma-separated list of authentication parameters. Furthermore, the header field itself can occur multiple times." Best regards, Julian
Received on Wednesday, 30 October 2013 15:31:41 UTC