Re: [hybi] Authentication headers

Wellington Fernando de Macedo <wfernandom2004@gmail.com> Mon, 07 June 2010 20:45 UTC

Return-Path: <wfernandom2004@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1ECE53A6855 for <hybi@core3.amsl.com>; Mon, 7 Jun 2010 13:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.002
X-Spam-Level:
X-Spam-Status: No, score=0.002 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hr8cFMfl2-sP for <hybi@core3.amsl.com>; Mon, 7 Jun 2010 13:45:33 -0700 (PDT)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id A49A03A67F5 for <hybi@ietf.org>; Mon, 7 Jun 2010 13:45:33 -0700 (PDT)
Received: by gwj21 with SMTP id 21so974255gwj.31 for <hybi@ietf.org>; Mon, 07 Jun 2010 13:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=MPcHdl5GAbAbn11uz/fZscq8I1jHspeCs8IjQZKKFkQ=; b=iIp6EIF7f+zyJhifn7dKsq9aOkF2JTjRVZ7IWamcPGKFwF4Lz204540gW1e/d0Fhwn UxoI3Af7stNTaolbTxKX8xi4XoaBI6YTptft+yqR4K+15xIaFKEGJ4jVEDLC9z0Ekekw 5WQ4IE+2qZHtHwH/FJxuPx9pxbQQsyP32QXSU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=XHxyE2otTpcGITtjCGo5fM9ePrqJUNwcG8Pc/9iqV409iW3cAOjkZ1KL5OCI04X2pE ajGpOTp7BfHP//jXbGZ0x/p+i0m0Ezp0rEji8S/R99p7kF4qXexFl+o7ldauwfK4Y9Xn gVicnj+qjQwLV8636MhfWI31nlYivkpRfDmec=
MIME-Version: 1.0
Received: by 10.229.185.16 with SMTP id cm16mr4970805qcb.24.1275943530430; Mon, 07 Jun 2010 13:45:30 -0700 (PDT)
Received: by 10.229.80.7 with HTTP; Mon, 7 Jun 2010 13:45:30 -0700 (PDT)
In-Reply-To: <AANLkTimo9g4Tvzd1RekVXKtTpOhRz58jr7VLqhS-Wrdf@mail.gmail.com>
References: <AANLkTimo9g4Tvzd1RekVXKtTpOhRz58jr7VLqhS-Wrdf@mail.gmail.com>
Date: Mon, 7 Jun 2010 17:45:30 -0300
Message-ID: <AANLkTilEaX2s5e-odBjZgT4_lrqHyZy8LaJPdyrO54D_@mail.gmail.com>
From: Wellington Fernando de Macedo <wfernandom2004@gmail.com>
To: hybi@ietf.org
Content-Type: multipart/alternative; boundary=0016364ec9bae280a4048876c045
Subject: Re: [hybi] Authentication headers
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2010 20:45:35 -0000

Hmm, I've just found out in the Server-side requirements section:

"Other fields
      Other fields can be used, such as "Cookie", for authentication
      purposes.  Their semantics are equivalent to the semantics of the
      HTTP headers with the same names."

Perhaps in the Client-side section of the draft could be written something
similar.

2010/6/7 Wellington Fernando de Macedo <wfernandom2004@gmail.com>

> Hi,
>
> I'm updating the Mozilla's implementation of the WS protocol to its latest
> version (v.76).
> I know that handling the 401 http response was already removed in the v75.
> But now
> I've noted that even the http Authorization header has been removed.
>
> Well, I think that the 401 http status was removed in order to prevent the
> browser to
> open unexpected auth dialogs to the user. Actually, I know there is the
> cookie information,
> but I think it isn't always enough. So, I would like to ask, why can't a
> "normal"
> request include the Authorization header from its page origin?
>
> Wellington.
>