Posted to users@tomcat.apache.org by alexander dosher <al...@pacbell.net> on 2005/02/24 19:58:12 UTC
Tomcat serves unauthenticated 304s. yuck.
Hi all,
I have what is mainly an IE6 problem, but Tomcat is contributing by
serving up 304s to requests whose authentication (FORM or BASIC) has
expired. This seems to me to be in violation of the HTTP/1.1 spec:
"If the client has performed a conditional GET request /and access is
allowed/, but the document has not been modified, the server SHOULD
respond with this status code."
Specifically, the problem is arising because Tomcat is serving a 304 for
the *page*, but 403s for the page's linked stylesheet & javascript files
(in a separate webapp but under the same access control, & single-signon
turned on), which causes ugliness. This is almost certainly IE's fault,
for issuing different sorts of GETs, but Tomcat *still* (IMHO) shouldn't
be doing *anything* with an unauthenticated request for a protected
resource other than trying to authenticate the user.
B*g, or user error? Comments appreciated,
alex.
--
___________________________________________________________________
| Alexander Dosher...Proletarian Intellectual, American Art Fascism |
| S.J. Earthquakes...Chelsea FC...Ukraine...Neue Slowenische Kunst |
| |
| "There was port later." - Arthur Machen, _The Bright Boy_ |
|___________________________________________________________________|
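Added example, not part of the original post and not Tomcat code: a regression check for the behaviour described above, sending a conditional GET with no credentials to a protected path and reporting the status code. The loopback server, its two check orderings, the credentials, the path and the date are all constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

LAST_MODIFIED = "Thu, 24 Feb 2005 00:00:00 GMT"  # constructed validator
GOOD_AUTH = "Basic dXNlcjpwYXNz"                 # constructed: user:pass

def make_handler(auth_first):
    """Constructed model of a protected resource with two check orderings."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            authed = self.headers.get("Authorization") == GOOD_AUTH
            fresh = self.headers.get("If-Modified-Since") == LAST_MODIFIED
            if auth_first and not authed:
                return self._reply(401)      # access decided before anything else
            if fresh:
                return self._reply(304)      # reachable unauthenticated if auth_first is False
            self._reply(200 if authed else 401)

        def _reply(self, code):
            self.send_response(code)
            if code == 401:
                self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):        # keep the check quiet
            pass
    return Handler

def probe(host, port, path, validator):
    """Conditional GET with no credentials; returns the HTTP status code."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={"If-Modified-Since": validator})
    status = conn.getresponse().status
    conn.close()
    return status

def check(auth_first):
    """Start the constructed server on a free loopback port and probe it."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(auth_first))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port, "/protected/page", LAST_MODIFIED)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("conditional check first:", check(False))
    print("auth check first:", check(True))
```

The same `probe` function can be pointed at a real deployment, using the Last-Modified value the server returned to an authenticated request; any 304 it gets back without credentials is the condition the post complains about.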