RFC2616 : Do I really need to set WWW_Authenticate when returning 401?

Posted by Chris McCauley on Stack Overflow See other posts from Stack Overflow or by Chris McCauley
Published on 2010-04-07T21:27:12Z Indexed on 2010/04/07 21:33 UTC
Read the original article Hit count: 285

Filed under:

http

|

http-header-fields

|

ruby

|

merb

|

rest

According to RFC2616 if I return 401 in response to a request to my (Ruby) server, I "MUST include a WWW-Authenticate header field." Is this really true? Not setting the header seems to have no negative impact. I'm using Merb as a web framework and it doesn't force me to set the header.

Am I missing something or is this a rule more honoured in the breach?

© Stack Overflow or respective owner

Related posts about http

Cannot update, apt-get cannot fetch index files

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a fresh install of Ubuntu 11.10 from the iso 'ubuntu-11.10-desktop-amd64.iso'. I installed this in VMWare Fusion 4.1.1 running on OSX 10.7.3. When setting up the VM, I allowed easy install to take care of creating my user and installing VMWare tools. No problems during installation, everything… >>> More
the size of apt-get update lists is too big

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I ran a clean install to Ubuntu 12.04 and so far everything has been working well. I especially commend the Ubuntu team for this release. I only noticed that the size of repository update is now about ~13MB. Normally, it is about this size for the first time you run apt-get update after a clean install… >>> More
Quantal: Broken apt-index, cant fix dependencies

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I can't seem to add/remove/update packages Ubuntu software update has a notice about partial upgrades but fails Seems to be similar to this problem $ sudo apt-get update Ign http://archive.ubuntu.com quantal InRelease Ign http://security.ubuntu.com precise-security InRelease Ign… >>> More
12.04: Apt-Get Update: failure to fetch; can't connect to any sources

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I realize there are dozens of "apt-get update: failure to fetch" questions (I read through all I could find), but my present circumstance is unique to 12.04 and it affects all sources; not just launchpad. Additionally, I've tried several different servers in Europe and the U.S. as well as the "main… >>> More
How can I remove the Translation entries in apt?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
This is the output of aptitude update: Ign http://archive.canonical.com natty InRelease Ign http://extras.ubuntu.com natty InRelease Ign http://dl.google.com stable InRelease Ign http://security.ubuntu.com natty-security InRelease Hit http://deb.torproject.org natty InRelease Get:1 http://dl.google… >>> More

Related posts about http-header-fields

Get HTTP header fields only on iPhone

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to get only the headers of an URL request. I have been using stringWithContentsOfURL() for all downloading so far, but now I am only interested in the headers and downloading the entire file is not feasible as it is too large. I have found solutions which show how to read the headers after… >>> More
Server removes all custom HTTP header fields

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I've been trying to receive HTTP requests with custom fields in the headers but it seems like my server removes them... I printed the headers of the request when I arrive on my page.php. I see that : body uri http://url.com/oauth.php/request_token parameters headers Array ....*/* ....gzip… >>> More
Google.com and clients1.google.com/generate_204

as seen on Stack Overflow - Search for 'Stack Overflow'
I was looking into google.com's Net activity in firebug just because I was curious and noticed a request was returning "204 No Content." It turns out that a 204 No Content "is primarily intended to allow input for actions to take place without causing a change to the user agent's active document… >>> More
WCF GZip Compression Request/Response Processing

as seen on Stack Overflow - Search for 'Stack Overflow'
How do I get a WCF client to process server responses which have been GZipped or Deflated by IIS? On IIS, I've followed the instructions here on how to make IIS 6 gzip all responses (where the request contained "Accept-Encoding: gzip, deflate") emitted by .svc wcf services. On the client, I've followed… >>> More
What is the HTTP_PROFILE browser header and how is it used?

as seen on Stack Overflow - Search for 'Stack Overflow'
I've just come across the HTTP_PROFILE header that seems to be used by mobile browsers to point to an .xml document describing the device's capabilities. Doing a Google search doesn't turn up any definitive resources on what this is and how it should be used, can anyone point me to something along… >>> More