On Wed, Sep 04, 2002 at 10:43:51AM -0700, Justin Erenkrantz wrote: > > ...and react to WWW-Authenticate header just like browsers and other > > tiny clients (like wget) do. And I think we want to mimic browser > > behaviour. OTOH this brings up other issue -- an url list where we can > > insert new urls in realtime (like is planned for 3xx responses), which > > needs a bit more work... > > *sigh* Yeah, that's one thing we've always thought about, but never > really implemented (allowing following of 3xx). If you wish to > take a stab at it, be our guest. Almost certainly, we'd have to > discuss it on-list first before coding it up. -- justin
I missed this part of the discussion the other day. I think it would be useful to allow for certain types of dynamic urllist manipulation, but I don't think in general we want to support automatic 302 redirection. Either you are checking for the 302 response and the next entry in your urllist is the same url that came back with the 302, or your app wasn't supposed to return 302. (I tend to think that gratuitous 302's are errors.) An even more complicated example is how flood should deal with the WWW-Authenticate stuff, as suggested above. I tend to think that flood should be able to both check that the auth was required, and that some supplied credentials were accepted. I guess in both cases as long as it can be controlled whether to do automatic 302s or supply auth information, then that's fine. I just tend to think that we don't need it to be automatic. -aaron
