- From: Philip Fennell <Philip.Fennell@marklogic.com>
- Date: Sun, 12 Dec 2010 22:48:45 -0800
- To: Florent Georges <fgeorges@fgeorges.org>
- CC: XProc Dev <xproc-dev@w3.org>
Florent, > whether a client should send the authentication infos when following a 301 (sounds dangerous to me Now you come to mention it, you might be right. > Maybe a HTTP tool to dump the requests could help here. Although I know the username/password is correct it wouldn't do any harm to check. Many thanks Philip -----Original Message----- From: fgeorges@gmail.com [mailto:fgeorges@gmail.com] On Behalf Of Florent Georges Sent: 10 December, 2010 7:01 PM To: Philip Fennell Cc: XProc Dev Subject: Re: p:http-request and HTTP re-directs On 10 December 2010 16:50, Philip Fennell wrote: Hi, > and the response from the service a 301 redirect why would I > get a 401 response from the service I was redirected to? After > all, I have provided the username/password for that service. Interesting. I don't have the answer for this particular case, unfortunately, but I am interested in the case. This is unclear to me (from both the HTTP 1.1 and HTTP Authentication RFCs) whether a client should send the authentication infos when following a 301 (sounds dangerous to me, in particular with the Basic scheme). But I don't have the definitive answer here, I am not a HTTP expert... Second, are you sure Calabash does not send the authentication infos when following the redirect? I mean, maybe it does but the target server does respond 401 because the credentials are not valid (401 is returned both when there is no credentials at all and when they are incorrect). Maybe a HTTP tool to dump the requests could help here. Regards, -- Florent Georges http://fgeorges.org/
Received on Monday, 13 December 2010 06:49:15 UTC