Skip to content

Spec WWW-Authenticate and Proxy-Authenticate handling in HTTP-network-or-cache fetch #1766

New issue
New issue
Open
Open
Spec WWW-Authenticate and Proxy-Authenticate handling in HTTP-network-or-cache fetch#1766
Labels
needs concrete proposalMoving the issue forward requires someone to figure out a detailed plantopic: http
@gmta

Description

@gmta
gmta
opened on Aug 13, 2024

What is the issue with the Fetch Standard?

The current HTTP-network-or-cache fetch specification leaves checking the WWW-Authenticate header open for interpretation; ignoring it might trigger an infinite HTTP 401 loop re-asking a username and password to send with the new requests:

fetch/fetch.bs

Lines 5873 to 5874 in 4cb3cf2

<li class=XXX><p>Needs testing: multiple `<code>WWW-Authenticate</code>` headers, missing,
parsing issues.

Similarly, HTTP 407 handling has outstanding Proxy-Authenticate header handling that needs to be specced:

fetch/fetch.bs

Lines 5918 to 5919 in 4cb3cf2

<li class=XXX><p>Needs testing: multiple `<code>Proxy-Authenticate</code>` headers, missing,
parsing issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    needs concrete proposalMoving the issue forward requires someone to figure out a detailed plantopic: http

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions