|

»

w3.org - www-talk

a question about WWW-Authenticate header

View: New views

5 Messages — Rating Filter: Alert me

	a question about WWW-Authenticate header by Manlio Perillo-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi. What is the "correct" behaviour for an HTTP user agent, when it process a WWW-Authenticate header containing unsupported challenge? I have found that Internet Explorer, Firefox, Konqueror, Epiphany, ignore the header. Opera, however, reports an error: Error! The server requested a login authentication method that is not supported. Is this an acceptable behaviour? RFC 2616 says nothing, here. Thanks Manlio Perillo
	Re: a question about WWW-Authenticate header by Julian Reschke :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Manlio Perillo wrote: > Hi. > > What is the "correct" behaviour for an HTTP user agent, when it process > a WWW-Authenticate header containing unsupported challenge? It depends. Was the challenge the only challenge being returned? Was there a response body that the UA could have displayed? > ... BR, Julian
	Re: a question about WWW-Authenticate header by Manlio Perillo-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Julian Reschke ha scritto: > Manlio Perillo wrote: >> Hi. >> >> What is the "correct" behaviour for an HTTP user agent, when it >> process a WWW-Authenticate header containing unsupported challenge? > > It depends. > > Was the challenge the only challenge being returned? Yes. > Was there a > response body that the UA could have displayed? > Yes, a text/plain response body, that Opera does not display. > > ... > > BR, Julian > Thanks Manlio Perillo
	Re: a question about WWW-Authenticate header by Julian Reschke :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Manlio Perillo wrote: > Julian Reschke ha scritto: >> Manlio Perillo wrote: >>> Hi. >>> >>> What is the "correct" behaviour for an HTTP user agent, when it >>> process a WWW-Authenticate header containing unsupported challenge? >> >> It depends. >> >> Was the challenge the only challenge being returned? > > Yes. > > >> Was there a response body that the UA could have displayed? >> > > Yes, a text/plain response body, that Opera does not display. I think Opera should display it, although I agree there's no clear language in RFC2616/2617 requiring it to do so. Out of curiosity, does the situation change when the response uses text/html? > ... BR, Julian
	Re: a question about WWW-Authenticate header by Manlio Perillo-4 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Julian Reschke ha scritto: > Manlio Perillo wrote: >> Julian Reschke ha scritto: >>> Manlio Perillo wrote: >>>> Hi. >>>> >>>> What is the "correct" behaviour for an HTTP user agent, when it >>>> process a WWW-Authenticate header containing unsupported challenge? >>> > [...] > > I think Opera should display it, although I agree there's no clear > language in RFC2616/2617 requiring it to do so. > > Out of curiosity, does the situation change when the response uses > text/html? > It's the same, Opera does not display it. Right now, I'm returning a 401 Unauthorized response, without the WWW-Authenticate header (in violation of the HTTP 1.1 specification), and all browsers display the response body. > > ... > > BR, Julian > Manlio Perillo