Closed mnot closed 3 years ago
julian.reschke@gmx.de changed description from:
http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html#rfc.section.4.4:
"User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters."
This is text that we copied from RFC 2616 (http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.47). However, isn't the
"...if more than one WWW-Authenticate header field is provided..."
incorrect?
What's contained in a challenge does not depend on the number of header field instances, after all.
to:
http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html#rfc.section.4.4:
"User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters."
This is text that we copied from RFC 2616 (http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.47). However, isn't the
"...if more than one WWW-Authenticate header field is provided..."
incorrect?
What's contained in a challenge does not depend on the number of header field instances, after all.
(note that similar text appears one more time; we should also look into reducing duplication)
unassigned
to 25
incorporated
new
to closed
julian.reschke@gmx.de changed severity from In WG Last Call
to In IETF LC
http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html#rfc.section.4.4:
"User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a comma-separated list of authentication parameters."
This is text that we copied from RFC 2616 (http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.47). However, isn't the
"...if more than one WWW-Authenticate header field is provided..."
incorrect?
What's contained in a challenge does not depend on the number of header field instances, after all.
(note that similar text appears one more time; we should also look into reducing duplication)
Reported by julian.reschke@gmx.de, migrated from https://trac.ietf.org/trac/httpbis/ticket/516