Re: Sending WWW-Authenticate in 200 and 304 responses from Soni L. on 2023-03-02 (ietf-http-wg@w3.org from January to March 2023)

From: Soni L. <fakedme+http@gmail.com>
Date: Thu, 2 Mar 2023 19:33:05 -0300
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <446c230d-3877-99e7-42a0-62a83f0214f8@gmail.com>

On 3/2/23 13:20, Daniel Stenberg wrote:
> On Thu, 2 Mar 2023, Soni L. wrote:
>
>> Is it forbidden to send WWW-Authenticate with 200 and 304 responses?
>
> "A server MAY generate a WWW-Authenticate header field in other 
> response messages to indicate that supplying credentials (or different 
> credentials) might affect the response."
>
> (RFC 9110 section 11.6.1)

Oh cool! Can this be used like IRCv3 SASL, so as to sidestep oblique 
login button placement?

Received on Thursday, 2 March 2023 22:33:20 UTC