Matt, I have been giving this issue some thoughts over the last hour, and I think a see your point and agree with it. If the browser decides to request a file, it is up to the browser to deal with it. However, there is still this little voice in my head telling me we are about to breach the http protocol by ignoring a "auth required" messages (or interpretting it as a 404/403 if you like). But hell, i dont like the fact that my browser is requesting files i didnt ask for either. Maybe the favicon stuff should be a part of the http-protocol and therefor we could also define that a "auth-required" message on favicon should be interpreted as a 404.
Regards, Jasper -----Original Message----- From: Matthew Palmer [mailto:[EMAIL PROTECTED] Sent: woensdag 6 oktober 2004 14:10 To: [EMAIL PROTECTED] Subject: Re: repeated requests for a file favicon.ico On Wed, Oct 06, 2004 at 12:22:47PM +0200, Jasper Filon wrote: > I agree with you that maybe it would be better if the browser would > interpret a authorisation request on a favicon.ico as a 404 (or 403) > error, but on the other hand, the request for favicon isn't any different > from a normal http request. Maybe you could even say it is up to apache to > send the 403 rather than ask for authorisation. I think this could be an > interresting discussion. I think it's up to the browser to realise that it's asking for something which, quite honestly, the user probably has no knowledge of, and if it gets an "Auth Required" back when it asks for the favicon it should go "oh well" and give up, unless it already has authentication credentials for the specified site and realm. Making apache do it would complicate the server code unnecessarily, and really does seem to be putting the fix in the wrong place. - Matt
