[whatwg] Solving the login/logout problem in HTML

Julian Reschke julian.reschke at gmx.de
Wed Nov 26 02:56:46 PST 2008


Martin Atkins wrote:
> This idea has promise, but is it compatible with existing browsers?
> 
> The case where the only challenge included is HTML is probably okay, 
> since browsers will at this point likely determine that they don't 
> support any of the given schemes and just display the entity body. The 
> only concern in this case is browser-provided default error pages for 
> the 401 response, which can hopefully be suppressed in much the same way 
> as sites suppress IE's default 404 error page by padding the response to 
> take it above a certain filesize.
> 
> More bothersome is this case:
> HTTP/1.1 401 Unauthorized
> ...
> WWW-Authenticate: HTML form="login"
> WWW-Authenticate: Basic realm="..."
> ...

Is that case relevant? Today, those sites do not support Basic (or 
Digest) at all, or only send the 401 for certain user agents and/or 
methods. So I wouldn't expect them to start adding the non-HTMLL auth 
challenge...

 > ...

BR, Julian




More information about the whatwg mailing list