| Please (let me repeat Please, Please, Please, Please, Please) don't get wrapped around 401 vs 407.
There is nothing the recipient of such a response can do differently based on the difference between those codes. They can't even use them to tell to look for the www- or proxy- form of the challenge header fields because proxies have to aggregate the challenges from multiple forks - a response of either type might have headers of both types by the time it makes it to the UA. Said another way, an endpoint receiving a 401 or a 407 has to look for multiple instances of BOTH FORMS.
It really doesn't matter what something in the middle sends. As a UA you can't tell what it was and you definitely mustn't care.
When we have the opportunity to rev the spec again, I'll be working hard to deprecate one or the other of those codes.
RjS
On Oct 30, 2006, at 5:25 PM, Steven Coule wrote: We noticed at SIPit that a number of UACs did not cope with having their REGISTER challenged with 407 Proxy-authenticate, but instead expected 401 Unauthorised. Dum/ServerAuthmanager.cxx seems to have 407 hard-coded … Does anyone have any strong feelings as to why this is the case? Should we really be sending a 401 when not acting as a proxy? (Our app is a B2BUA).
Thanks,
Steve Coule
Envox UK Ltd
_______________________________________________ resiprocate-devel mailing list |