Open gmta opened 3 months ago
The current HTTP-network-or-cache fetch specification leaves checking the WWW-Authenticate header open for interpretation; ignoring it might trigger an infinite HTTP 401 loop re-asking a username and password to send with the new requests:
WWW-Authenticate
https://github.com/whatwg/fetch/blob/4cb3cf21946113c0684f04122dd95315fd10c567/fetch.bs#L5873-L5874
Similarly, HTTP 407 handling has outstanding Proxy-Authenticate header handling that needs to be specced:
Proxy-Authenticate
https://github.com/whatwg/fetch/blob/4cb3cf21946113c0684f04122dd95315fd10c567/fetch.bs#L5918-L5919
What is the issue with the Fetch Standard?
The current HTTP-network-or-cache fetch specification leaves checking the
WWW-Authenticateheader open for interpretation; ignoring it might trigger an infinite HTTP 401 loop re-asking a username and password to send with the new requests:https://github.com/whatwg/fetch/blob/4cb3cf21946113c0684f04122dd95315fd10c567/fetch.bs#L5873-L5874
Similarly, HTTP 407 handling has outstanding
Proxy-Authenticateheader handling that needs to be specced:https://github.com/whatwg/fetch/blob/4cb3cf21946113c0684f04122dd95315fd10c567/fetch.bs#L5918-L5919