You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@liege.ICS.UCI.EDU> on 1997/01/30 06:50:02 UTC

Re: cvs commit: apache/src http_protocol.c

>>   Also allow WWW-Authenticate to be sent on 304 response.
> 
> Wha? WWW-Authenticate is only set for 401 responses, isn't it?

Apparently not.  If it is being used to carry server authenticity
data, as appears to be the case for the Kerberos thingy, then it
would appear on any response that would be authenticated by the client.
I don't use Kerberos, but that was the essence of the report.

.....Roy