No problems. We're doing the same thing. - James
John Panzer wrote: > All, > > We're currently implementing authentication for private Atom feeds > (https+HTTP Basic auth) in our blogging platform. One thing we're doing > is a little edgy but appears to work; I'd like to get feedback on > whether people think this will break anything. > > If someone attempts to retrieve a feed using an unprotected protocol > (http://example.org/atom.xml) and the feed is private, we first issue a > 301 Permanent Redirect response to the requestor, sending them to,.e.g, > https://example.org.atom.xml. The server then issues an HTTP Basic auth > challenge if required, and proceeds as normal. We do the same thing for > our APP implementation, though hopefully people will be using the > correct https: URLs in the first place for those (obtained via > introspection). > > Anybody see potential problems with this approach? It seems to work > okay in the clients we've tested so far. > > Thanks, > -- > Abstractioneer <http://feeds.feedburner.com/aol/SzHO>John Panzer > System Architect > http://abstractioneer.org
