[whatwg] Solving the login/logout problem in HTML
Julian Reschke
julian.reschke at gmx.de
Wed Nov 26 02:56:46 PST 2008
Martin Atkins wrote:
> This idea has promise, but is it compatible with existing browsers?
>
> The case where the only challenge included is HTML is probably okay,
> since browsers will at this point likely determine that they don't
> support any of the given schemes and just display the entity body. The
> only concern in this case is browser-provided default error pages for
> the 401 response, which can hopefully be suppressed in much the same way
> as sites suppress IE's default 404 error page by padding the response to
> take it above a certain filesize.
>
> More bothersome is this case:
> HTTP/1.1 401 Unauthorized
> ...
> WWW-Authenticate: HTML form="login"
> WWW-Authenticate: Basic realm="..."
> ...
Is that case relevant? Today, those sites do not support Basic (or
Digest) at all, or only send the 401 for certain user agents and/or
methods. So I wouldn't expect them to start adding the non-HTMLL auth
challenge...
> ...
BR, Julian
More information about the whatwg
mailing list