On Sep 23, 2:23 pm, Bernd Kreuss <[EMAIL PROTECTED]> wrote:
> Hector wrote:
> > You didn't follow the problem:
>
> I followed the problem very well: You are relying on an optional feature
> that browsers may or may not implement. You are sending a 301 on your
> front page and the browser does what is expected: It redirects.

And all BROWSERS, except Chrome, will follow the Authorization header
for that domain. All BROWSERS have behaved this way since the dawn of
(HTTP AUTH) web time, except Chrome. So to me, this is a matter of the
lack of engineering experience by the engineer who put that code
together. Of course, they borrowed Apple's code, which is broken too.
So hence Chrome inherited the problem.

> Instead you should just send a 401 and if the browser then
> answers with the correct "Authorization"-header you send the actual
> content. Shouldn't be more than 5 lines of code in the base class for all
> your page controllers/request-handlers/whatever.

Wrong WEB-DESIGN presumption.

A web page at ANY time can have any state. The first time you visit
it with an unauthenticated request, you can be redirected. The next
time you visit it with an authenticated request, a different action is
taken.

Again, the Chrome client redirection logic is incorrect.

In the same way GOOGLE uses a COOKIE to be persistent for a certain
web page and applies redirection logic or not based on whether the
browser passed an authorized Cookie: header, GOOGLE should do the
same thing with Chrome with standard HTTP authorization headers.

In other words, if it follows the domain-based cookie persistence
logic, it should do the same with the Authorization header.

Besides, this is written in the RFC specification/guidelines and all
browsers have followed this logic since the beginning of the WEB, except the
new kid on the block - CHROME.

Why do you keep ignoring that fact?

Hector Santos/CTO
Santronics Software, Inc
http://www.santronics.com