[] (0) Define a way to expose HTTP login forms to spiders in 401 (or …
…even 200) responses. git-svn-id: http://svn.whatwg.org/webapps@2432 340c8d12-0b0e-0410-8428-c7bf67bfef74
</ol> | ||
|
||
|
||
<h4>Login forms</h4> | ||
|
||
<p>A common use for forms is user authentication. To indicate that | ||
an HTTP <span>URL</span> requires authentication through such a form | ||
before use, the HTTP 401 response code with a <code | ||
title="">WWW-Authenticate</code> challenge "<code | ||
title="">HTML</code>" may be used.</p> | ||
|
||
<p>For this authentication scheme, the framework defined in RFC2617 | ||
is used as follows. <a href="#refsRFC2617">[RFC2617]</a></p> | ||
|
||
<pre><dfn title="bnf-formauth-challenge">challenge</dfn> = "<code title="">HTML</code>" [ <span title="bnf-formauth-form">form</span> ] | ||
<dfn title="bnf-formauth-form">form</dfn> = "<code title="">form</code>" "<code title="">=</code>" <span title="bnf-formauth-form-name">form-name</span> | ||
<dfn title="bnf-formauth-form-name">form-name</dfn> = quoted-string</pre> | ||
|
||
<p>The <span title="bnf-formauth-form">form</span> parameter, if | ||
present, indicates that the first <code>form</code> element in the | ||
entity body whose <span title="attr-form-name">name</span> is the | ||
specified string, in <span>tree order</span>, if any, is the login | ||
form. If the parameter is omitted, then the first <code>form</code> | ||
element in the entity body, in <span>tree order</span>, if any, is | ||
the login form.</p> | ||
|
||
<p>There is no <code title="">credentials</code> production for this | ||
scheme because the login information is to be sent as a normal form | ||
submission and not using the <code title="">Authorization</code> | ||
HTTP header.</p> | ||
|
||
<p>This authentication scheme must only be used for entities whose | ||
bodies contain HTML or XML with at least one <code>form</code> | ||
element.</p> | ||
|
||
<p class="note">Pages that include a login form but are not | ||
protected by the login form (and for which a 401 response would | ||
therefore be inappropriate) can have an "<code title="">HTML</code>" | ||
challenge included in a <code title="">WWW-Authenticate</code> | ||
header even though the response code is not 401. This allows user | ||
agents to identify login forms on pages even when the user might not | ||
want to log in.</p> | ||
|
||
|
||
|
||
|
||
<h3 id="interactive-elements">Interactive elements</h3> |
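Review bot: The challenge production in the pre block is written as "HTML" [ form ], with no realm parameter and no separator between the scheme token and the form parameter, although the preceding paragraph says the RFC2617 framework is used. RFC 2617 defines a challenge as auth-scheme 1*SP 1#auth-param and requires a realm directive for every scheme that issues a challenge, so either add realm (and the whitespace) to the grammar or state explicitly that this scheme departs from the framework on those points. The paragraph on the form parameter also leaves the no-match case implicit: "if any" suggests that when no form element has the given name there is no login form, but that should be stated outright, including whether a user agent then falls back to the first form. When the parameter is omitted, the first-form-in-tree-order default will select whatever form precedes the login form on the page (a site search box, for example), so consider recommending that authors send the form parameter whenever the entity contains more than one form. Finally, the note permitting the challenge on non-401 responses should say that user agents must not treat such a response as an authentication failure or prompt the user because of it.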