Message202158
Also let me add from RFC 2617, end of section 2:
> A client MAY preemptively send the corresponding Authorization
> header with requests for resources in that space without
> receipt of another challenge from the server. Similarly, when
> a client sends a request to a proxy, it may reuse a userid and
> password in the Proxy-Authorization header field without
> receiving another challenge from the proxy server. See section
> 4 for security considerations associated with Basic
> authentication.
So sending "Authorization" in the introductory request is not
only performance hack, but it is also anticipated by RFC. |
|
Date |
User |
Action |
Args |
2013-11-04 19:26:53 | mcepl | set | recipients:
+ mcepl |
2013-11-04 19:26:53 | mcepl | set | messageid: <1383593213.58.0.82920866423.issue19494@psf.upfronthosting.co.za> |
2013-11-04 19:26:53 | mcepl | link | issue19494 messages |
2013-11-04 19:26:53 | mcepl | create | |
|