Hello,
On Tuesday, 10 September 2019 16:19:01 UTC, Honza Bambas wrote:
> There is no official or standardized way to "force" authentication,
> because this is really a non-standard thing you do.
Can you ellaborate on this and why is it off-standard? What shall have been
written in the
Hello,
the use case is: A WebDAV (CalDAV/CardDAV) server offers:
* calendars for authenticated users
* calendars for unauthenticated users
* the bootstrapping procedure described in RFC 6764.
So the server returns one set of availabe calendars (caldav collections) for
unauthenticated user, and
There is no official or standardized way to "force" authentication,
because this is really a non-standard thing you do.
I would more suggest a login request path like
"https://foo.com/login.php; or whatever scripting is used, that would
return 401 with the challenge response header.
Alternatively, the admin wants me to send a bogus authenticate header, like
Authenticate: X to trigger the authentication.
I really do not like that. Maybe I can get him to jump into the discussion.
___
dev-platform mailing list
No, the server is not controlled by me. The admin expects clients to send a
Basic Auth header without having seen the WWW-Authenticate header, if I do not
want to access the resource unauthenticated.
For me this looked wrong from the beginning, but just wanted to make sure I am
not missing
On 2019-09-10 15:45, john.bieling--- via dev-platform wrote:
Thanks for your reply.
I do not want to manually add a `Authentication` request header, as I also do
not know what methods are allowed without having seen the WWW-Authentication
header (and just trying basic auth is not an option
Thanks for your reply.
I do not want to manually add a `Authentication` request header, as I also do
not know what methods are allowed without having seen the WWW-Authentication
header (and just trying basic auth is not an option for me).
I was hoping there was some established mechanism to
Hi,
adding a custom `Authentication` request header is the right way to do
this. Not sure what you mean by "I want nsIHttpChannel to do all the
auth stuff" when it doesn't know it has to authenticate to the site. We
need a 401 response to produce and cache `Authentication` request
headers
nsIHttpChannel is usually doing an unauthenticated request to a remote URL to
get the WWW-Authentication header from the 401 response and then pick one of
the allowed methods to authenticate.
I am running into an issue, where the server is not returning a 401 but
actually returns a result for
9 matches
Mail list logo