Re: The Hypertext Transfer Protocol (HTTP) Authentication-Info Header Field

On 2015-01-28 10:59, Amos Jeffries wrote:
> ...
> I think its a good idea.
> ...


> It is also worth noting at this point that those headers are already in
> use in the wild (by Squid at least) for Negotiate scheme in a way that
> does not match the ABNF. Instead they just echo back from the server the
> accepted "Negotiate <token>" credentials received from the client.
> ...

Well, Negotiate already is that weirdo (see RFC 7236).

We *could* define Authentication-Info without having an ABNF, but I'd 
prefer to stick to what RFC 2617 said (it's flexible enough).

> I am not sure exactly why Squid does this, I've queried our dev team to
> see if anyone knows.

Thanks. It's certainly not document in the RFC. In a quick search, I 
also found <>.

Best regards, Julian

Received on Wednesday, 28 January 2015 11:00:22 UTC