WWW-Authenticate header

Fasih faskiri.devel at gmail.com
Fri Jan 10 12:12:23 UTC 2014


RFC allows a server to respond with multiple WWW-Authenticate header (

"User agents are advised to take special care in parsing the WWW-
Authenticate field value as it might contain more than one challenge, or if
more than one WWW-Authenticate header field is provided, the contents of a
challenge itself can contain a comma-separated list of authentication

However nginx defines WWW-Authenticate header as an ngx_table_elt_t in
the ngx_http_headers_out_t struct as opposed to an ngx_array_t like other
allowed repeated value headers.

Is this a bug that I should file?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140110/da5c743c/attachment.html>

More information about the nginx-devel mailing list