httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <>
Subject Re: [PATCH] flood: basic user auth
Date Thu, 05 Sep 2002 17:04:59 GMT
On Wed, Sep 04, 2002 at 10:43:51AM -0700, Justin Erenkrantz wrote:
> > ...and react to WWW-Authenticate header just like browsers and other
> > tiny clients (like wget) do. And I think we want to mimic browser
> > behaviour. OTOH this brings up other issue -- an url list where we can
> > insert new urls in realtime (like is planned for 3xx responses), which
> > needs a bit more work...
> *sigh*  Yeah, that's one thing we've always thought about, but never
> really implemented (allowing following of 3xx).  If you wish to
> take a stab at it, be our guest.  Almost certainly, we'd have to
> discuss it on-list first before coding it up.  -- justin

I missed this part of the discussion the other day. I think it would be
useful to allow for certain types of dynamic urllist manipulation, but
I don't think in general we want to support automatic 302 redirection.
Either you are checking for the 302 response and the next entry in your
urllist is the same url that came back with the 302, or your app wasn't
supposed to return 302. (I tend to think that gratuitous 302's are

An even more complicated example is how flood should deal with the
WWW-Authenticate stuff, as suggested above. I tend to think that flood
should be able to both check that the auth was required, and that some
supplied credentials were accepted.

I guess in both cases as long as it can be controlled whether to do
automatic 302s or supply auth information, then that's fine. I just tend
to think that we don't need it to be automatic.


View raw message