On Tue, 30 Jul 2013, Tim Ruehsen wrote:
At one guy experienced that thing (last answer from Miklos Krivan): http://stackoverflow.com/questions/3576197/http-authentication-www-authenticate-header-multiple-realms
Right, multiple auth responses are fairly common in separate lines, but I was talking about multiple ones in a single line.
curl supports picking "the best" one out of all that are sent in separate headers. There's no single definition for what "the best" one is and that last answer shows how the two browsers think differently about that.
HTTP has this general rule that it can turn headers that can be repeated into a single one that instead is comma-separated (with a few exceptions such as Set-Cookie) so ideally a perfect HTTP parser would handle both variants.
-- / daniel.haxx.se
