hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tony Seebregts" <to...@cibecs.com>
Subject Athentication/Expect-Continue - Follow-Up
Date Wed, 22 Jun 2005 07:09:46 GMT
Hi Oleg/Roland,

FYI, I've posted the reply from the Jetty support list about the
Authentication/Expect-Continue problem (from about a week back). Seems like
its an area open to interpretation.

> | In Jetty at least the connection is not made between the application 
> | security constraints and the need to send (or not) a 100-continue.
>
> Per the specification, a 100-continue response is an:
>
> ".../interim response/ [which] is used to inform the client that the
> /initial part of the request/ has been received and *has /not yet/ 
> been rejected by the server*." -- HTTP 1.1 Spec., '10.1.1. 100 Continue'
> 
> Obviously, a 100-continue response does not indicate that the final 
> request will not be rejected but only that the request in its initial 
> state is "so far OK".  This has absolutely nothing to do with whether the 
> URI itself requires authentication for the /final request/.  
>
> "....The server MUST send a /final response/ /after the request has been 
> completed/." -- supra. 
> Note that the specification states only that a "final response" is to be 
> sent after the full request is sent.  It says nothing about whether any 
> other interim responses can be sent along with the 100 response, nor does 
> it indicate that a 100 response must be sent alone.

Would be interested to hear your comments/interpretation. The Jetty
developers are posting it to the RFC EG for clarification in the meantime
though.

Regards

Tony Seebregts


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org


Mime
View raw message