Hi Oleg, > I think the simplest approach is to not run CONNECT methods through the > standard HTTP protocol interceptors. CONNECT methods require > authentication support, but this cannot be implemented using protocol > interceptors anyways and is likely to require an authentication handler > of a sort. I am sure there should be a way to use the same > authentication handler to authenticate both 'regular' and CONNECT > requests.
+1 on the authentication handler. One of my biggest concerns last year, when we discussed for HttpDispatch whether to run interceptors in background threads or not, was user interaction from interceptors. Keeping such logic out of inteceptors is much better. CONNECT requests do require a Date header. Of course that can be added manually. There are other what-ifs I could think of. Anyways, let's create and prepare the CONNECT request in a protected method of the director, then anybody with additional requirements can override it and do whatever they need. Isn't pluggability great? :-) cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
