WWW-Authenticate header
Maxim Dounin
mdounin at mdounin.ru
Fri Jan 10 13:49:46 UTC 2014
Hello!
On Fri, Jan 10, 2014 at 05:42:23PM +0530, Fasih wrote:
> Hi
>
> RFC allows a server to respond with multiple WWW-Authenticate header (
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47).
>
> "User agents are advised to take special care in parsing the WWW-
> Authenticate field value as it might contain more than one challenge, or if
> more than one WWW-Authenticate header field is provided, the contents of a
> challenge itself can contain a comma-separated list of authentication
> parameters."
>
> However nginx defines WWW-Authenticate header as an ngx_table_elt_t in
> the ngx_http_headers_out_t struct as opposed to an ngx_array_t like other
> allowed repeated value headers.
>
> Is this a bug that I should file?
Have you seen this to be a problem in real life?
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list