On Thursday 28 November 2002 00.44, Robert Collins wrote:
> Its meant to be closed immediately - IE is not meant to send the
> request body once auth is required (according to some MS article I
> ran into).
Well.. to play well with TCP/IP we MUST keep on reading the connection
until the full request has been received or the connection is closed
by the browser, or else the browser may receive a RST from us
completely screwing up things to the point of even not allowing the
browser to receive the 407 reply (timing dependent).
This is true for all the other authentication schemes and/or methods
(in fact any response generated by Squid), and SHOULD be true when
using NTLM as well.
The browser MAY abort the transmission of the body upon receiving the
407 reply or another error, but we cannot force the browser to do so.
This is also one of the reasons to why "100 Continue" is added to the
HTTP/1.1 specs, but the same problem still applies to some extent
even when "100 Continue" is supported.
Similar issues can be seen if the browser initiates request
pipelining.
Regards
Henrik
Received on Wed Nov 27 2002 - 17:04:19 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:49 MST