mdounin at mdounin.ru
Fri Jan 10 13:49:46 UTC 2014
On Fri, Jan 10, 2014 at 05:42:23PM +0530, Fasih wrote:
> RFC allows a server to respond with multiple WWW-Authenticate header (
> "User agents are advised to take special care in parsing the WWW-
> Authenticate field value as it might contain more than one challenge, or if
> more than one WWW-Authenticate header field is provided, the contents of a
> challenge itself can contain a comma-separated list of authentication
> However nginx defines WWW-Authenticate header as an ngx_table_elt_t in
> the ngx_http_headers_out_t struct as opposed to an ngx_array_t like other
> allowed repeated value headers.
> Is this a bug that I should file?
Have you seen this to be a problem in real life?
More information about the nginx-devel