Re: Interop issue: how can clients force authentication?

Authorization is granted/denied based on the method of the request.
There might even be different challenges per method.  In other words,
this idea won't work for HTTP.

The original idea of OPTIONS was that, if the client wished to test the
options for a specific request, then it would include that request's
request-line and headers in the body of the OPTIONS request.  The server
would then look at the body to determine what the options would be and
report that back to the client.  However, since the WG did not want to
define the format of such a response, the feature got dropped.

The alternative was to simply issue the request with Expect: 100-continue.

I don't know if that is sufficient for your problem, but I do know that
using a T/F request header field on OPTIONS is not.  A minimum would be
to list the methods in that field instead.  I also suggest finding a
less verbose field name.

....Roy

Received on Monday, 16 September 2002 20:36:52 UTC