> Maurizio Lotauro wrote:
> > Scrive Fastream Technologies <[EMAIL PROTECTED]>:
> > 
> >> Firefox and Opera tolerates the comma well. You can try here: 
> >> (8.0.8B2). Just add a user
> >> from HTTP->Users and then assign  the user to a path (C:\NFRoot is the 
> >> default) and point your browser to localhost. I believe Mozilla team knew
> >> about the IE bug and decided to keep it compatible to that as well as the
> >> RFC.
> > 
> > Why don't write each challenge on separate header? The actual THttpCli
> doesn't 
> > expect more challenge in a single header.
> Its exactly the same.  If THttpCli doesn't expect more challenges in a 
> single header, then perhaps it should be modified, as this is specified 
> in the RFC.

True, but in the meantime...
In any case, I think that writing one challenge per header would be made 
things a little clear, in particular for debugging.

But how do you interpreted what the rfc say? Should it be like

WWW-Authenticate: <auth-scheme_A> <list of param of auth-scheme_A> <auth-
scheme_B> <list of param of auth-scheme_B> <auth-scheme_C> ...

or the each scheme should be identified because they are different from a 
parameter (that is always like <param>=<value>?

>From rfc:
Authenticate header field containing at least one challenge
applicable to the proxy for the requested resource.

challenge = auth-scheme 1*SP 1#auth-param

Note: User agents will need to take special care in parsing the 
WWWAuthenticate or Proxy-Authenticate header field value if it contains more 
than one challenge, or if more than one WWW-Authenticate header field is 
provided, since the contents of a challenge may itself contain a comma-
separated list of authentication parameters.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to