[hybi] Authentication headers

Wellington Fernando de Macedo <wfernandom2004@gmail.com> Mon, 07 June 2010 20:34 UTC

Return-Path: <wfernandom2004@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 01CFE3A6822 for <hybi@core3.amsl.com>; Mon, 7 Jun 2010 13:34:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.739
X-Spam-Status: No, score=-0.739 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id XDaF23dqC+tn for <hybi@core3.amsl.com>; Mon, 7 Jun 2010 13:34:41 -0700 (PDT)
Received: from mail-yw0-f179.google.com (mail-yw0-f179.google.com []) by core3.amsl.com (Postfix) with ESMTP id EDC013A67B1 for <hybi@ietf.org>; Mon, 7 Jun 2010 13:34:40 -0700 (PDT)
Received: by ywh9 with SMTP id 9so3635737ywh.17 for <hybi@ietf.org>; Mon, 07 Jun 2010 13:34:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=lpUkk/0BXT5jXHGsPH+lgxUBqCz4fOS4ZMkygRt4TKM=; b=OGzLVdw/73nenO0qE6eogvVb7SvKzDENcm0CDTnS3ROJg9nOslj+Ne0WWbGfohLfQQ lCNnPWo35T0hmhh9ExLaidqBS1r/Xqw8v5t/M+5dqX0Pd8Z3Pk7EUL5zI4WI6vFLFP9f akrmnEOowmVFwRWk4y3yWgeF3koZFyDlmNSYU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=VPohIxw3F5PaMsO3hPZyL7sq9AnjCJ9R6nSIZ5NziMp8Ijs2ly5lHYCuUobWjWz/Xg m+NiTDSwLqD/yjzouJAa9LwktMrLuIE0iACj+8H7zHsc0naak4HlcFJb6BKZUz4SuaDN IEWcYX3gPTizwP2SvtDDpcDK1ygQOYYqPNJHw=
MIME-Version: 1.0
Received: by with SMTP id d9mr5099209qcn.125.1275942877998; Mon, 07 Jun 2010 13:34:37 -0700 (PDT)
Received: by with HTTP; Mon, 7 Jun 2010 13:34:34 -0700 (PDT)
Date: Mon, 07 Jun 2010 17:34:34 -0300
Message-ID: <AANLkTimo9g4Tvzd1RekVXKtTpOhRz58jr7VLqhS-Wrdf@mail.gmail.com>
From: Wellington Fernando de Macedo <wfernandom2004@gmail.com>
To: hybi@ietf.org
Content-Type: multipart/alternative; boundary="001636426fafff2dd20488769974"
Subject: [hybi] Authentication headers
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2010 20:34:42 -0000


I'm updating the Mozilla's implementation of the WS protocol to its latest
version (v.76).
I know that handling the 401 http response was already removed in the v75.
But now
I've noted that even the http Authorization header has been removed.

Well, I think that the 401 http status was removed in order to prevent the
browser to
open unexpected auth dialogs to the user. Actually, I know there is the
cookie information,
but I think it isn't always enough. So, I would like to ask, why can't a
request include the Authorization header from its page origin?