W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 26 Nov 2008 11:56:46 +0100
Message-ID: <492D2B6E.7000904@gmx.de>
Martin Atkins wrote:
> This idea has promise, but is it compatible with existing browsers?
> 
> The case where the only challenge included is HTML is probably okay, 
> since browsers will at this point likely determine that they don't 
> support any of the given schemes and just display the entity body. The 
> only concern in this case is browser-provided default error pages for 
> the 401 response, which can hopefully be suppressed in much the same way 
> as sites suppress IE's default 404 error page by padding the response to 
> take it above a certain filesize.
> 
> More bothersome is this case:
> HTTP/1.1 401 Unauthorized
> ...
> WWW-Authenticate: HTML form="login"
> WWW-Authenticate: Basic realm="..."
> ...

Is that case relevant? Today, those sites do not support Basic (or 
Digest) at all, or only send the 401 for certain user agents and/or 
methods. So I wouldn't expect them to start adding the non-HTMLL auth 
challenge...

 > ...

BR, Julian
Received on Wednesday, 26 November 2008 02:56:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC