On 2018-11-20 15:38, john.bieling--- via dev-platform wrote:
For me it would be interesting to understand, if you consider the header send by contacts.icloud.com to by invalid, even though it fully complies with the spec
Our implementation reflects the reality we can see in the wild. I believe the spec has always been wrong here, and apparently has never been widely respected by servers because commas may be contained in the challenge header values. The spec should consider authentication as an exception, similarly to Set-Cookies. This is, tho, only my opinion.
-hb- _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform